[Zope3-dev] Re: More in zope.app: securitypolicy and wiki

[Casey Duncan]

I get it now (thunk, thunk). I will attempt to summarize for my own
edification:

 - A package's existence in the Zope3 repository has little or no
   bearing on whether it is distributed with a Zope 3 distro.

 - Existence in the repository is designed to include it in
   developer builds from checkouts so that code atrophy is less
   likely.

In theory this sounds pretty good. One concern I have is that it may
lead to *everything* going into the repository which will be a
bit of a burden on developers. Already a Zope3 checkout is a pretty
weighty proposition. This will also create inertia since low level
changes may break tests for "in repo" packages in ways the low
level developer doesn't understand, especially in cases where tests
make false assumptions about lower level services. The upside is
if course, the visibility of the breakage and the added urgency
of failing tests in the zope package.

I think we need a bit of package terminology to clarify things and
replace the old "core", "non-core" terminology. Here are some
suggestions:

"Zope Package" means any package under the "zope" package in cvs.
"App Package" means any package under zope.app in cvs. Of course this
means all app packages are zope packages.
"Top-level packages" are the sibling packages to "zope"
Packages outside of the Zope3 repository are called "outside packages".

Given this nascent terminology how does one determine whether something
should be an app package, zope package, top-level package or outside 
package? Sure, the latter could be a license/control descision. Aside
from that given the disconnect between repository and distro (which is a
great liberating thing IMO), what does the package structure in the repo
actually mean?

-Casey