[Grok-dev] UPDATE recently created projects to 0.14.1
uli at gnufix.de
Sun Dec 14 18:00:30 EST 2008
Am Sonntag, den 14.12.2008, 21:54 +0100 schrieb Jasper Spaans:
> Op 14 dec 2008, om 19:11 heeft Martijn Faassen het volgende geschreven:
> > [periodic phone-home from the admin screen]
> > I think best would be to make a setting in some settings screen "check
> > for security updates" that's off by default. Unfortunately many people
> > will forget to turn it on as a result. Perhaps people aren't as
> > sensitive to this as all that though. Anyway, we need good UI thinking
> > about this.
I already thought about such a feature before releasing `grokui.admin`
0.3 (immediately after the security disaster), but stopped it because of
the phone-home problem.
Another idea was to implement it as a separate package, so everybody had
to explicitly enable it if he/she wants it in `setup.py`.
However, the possibility of turning on/off a switch in the admin UI
looks more attractive to me (less struggle for users), so +1 from me for
Brandons/Martijns suggestion, if the default is set to ``off``.
> > If someone writes all that, we could include it.
> +1 and /me volunteers to write this in the coming two weeks. Go study
> evasive behaviour go go go ;)
Great, Jasper. If I can help/support, please tell. Possibly we could use
the `flash()` feature for that. I'd definitely would like to discuss
that with you further, if you like.
> One small suggestion: grokproject could have a question for this to
> make new users see this feature at least once. (And now everyone can
> enter the ring to argue over the default answer to that question.)
You mean a question like:
Do you want to enable security notifications?
I am not sure about this. It might be easier then to replace the
normally (if notifications are enabled) shown message:
Your installed grok version is totally outdated and problably
hijacked by Evil Intruders right NOW.
by (if notifications are not disabled) something like:
Security notifications disabled. Go to <server-link/> if you
want to enable it
on the screen.
Beside this I would like to keep functionality of grokproject and
grokui.admin separated from each other.
But what we _could_ do (new suggestion): also print The Message on the
commandline/in the logs on startups/restarts. This way we would also
reach admins, that never use the admin-UI. This could also be disabled
somewhere (with default == ``on``).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://mail.zope.org/pipermail/grok-dev/attachments/20081215/ab41b016/attachment.bin
More information about the Grok-dev