Zope Status Update, Zope Book reaches the alpha stage, session tracking and write locking in Zope, web security nirvana, Zope with Python 2.0, ZPatterns examples, and silencing leaks.

The opinions expressed in Zope Weekly news are solely the authors', and not the opinions of Digital Creations, The Zope Community at-large, or the Spanish Inquisition.

If you or your company are doing something cool with zope, submit it to the Zope Weekly News for possible inclusion.

And Now For Something Completely Different:

Documentation

by Michel Pelletier

Amos and I are proud to announce the first alpha release of the O'Reilly Zope Book! This means that all the chapters are roughed out and there is no more outline material left.

The book is far from done however; we have a whole mess of screenshots to take and lots of editing to do. Please bear with us and keep reading. As always, you can send us your comments.

Zope Status

by Brian Lloyd

Summary

XML progress and HiperDOM on dev.zope.org

Recent News

Several Collector issues were knocked out last week. Jim Fulton added several proposals to dev.zope.org for optimizing security checks and DTML rendering as well as changing the UserFolder implementation to use the Zope Security policy infrastructure for security checks during traversal. Jeffrey Shell also re-vamped his Write Locking proposal.

Near Future

Last week, Hiperlogica released an initial version of HiperDom which explores a template model similar to XMLC. We have been talking to the HiperDOM folks and are planning to make HiperDOM a dev.zope.org project that supercedes (and includes some of the other ideas from) the XHTMLTemplates project. The eventual goal is for HiperDOM Templates to become a part of the core.

In a related vein, Fourthought continues to work on the new ZDOM and XMLDocument replacement. We'll be putting more effort into "getting to the finish line" on these initiatives with the goal of the new ZDOM making it into the next feature release of Zope. We'll probably be trying to drum up feedback and testers soon on the zope-dev lists.

We will also be thinking about a 2.2.3 release sometime soon to deal with various issues (the __call__ bug must die!).

Ethan Fremen's comments:

In a discussion about ZPatterns, Steve Spicklemire gives us a link to an example implementation of ZPatterns. If you've been wondering exactly what ZPatterns can do for you, "check it out",

http://www.zope.org/Members/sspickle/DumbZPatternsExample

There's been some interesting discussion about the security of the session tracking that is being implemented in zope. There were concerns about the duration of a browser ID cookie, addressed by it being managed by users, and questions about its possible interception. As ChrisM says: "But if you came up with a truly secure web identification mechanism that does not require any authentication/client certificate, doesn't rely largely on security through obscurity, and that's completely 100% transparent to any number of end users that may be using any number of stock browsers, I'm sure somebody at RSA would be willing to pay you hundreds of millions of dollars. I'd even give you a couple thousand!"

read the debate and comment on the proposal

There's been some discussion of how to use Zope with python 2.0, and it looks like things are pretty much there

Jeffery would like us to take a look at write locking in zope so that all may edit freely, as long as they don't interfere with a patent

PTK Brief

Albert mentioned that the folks at DataChannel have published a DTD aimed at letting portals interchange content, users, groups, and more

A new version of the PTK should be landing shortly: in the meantime, you might grab one of Jim Tittsler's highly unofficial snapshots

Zope Web

-- by Ethan Fremen

Tim has passed the categorization flag on to mindlace, who's working on it :)

Shane Hathaway has stalked and killed a memory leak triggered by some odd dtml in zope.org, which will help in flattening out our otherwise eccentric memory usage

-EOT-