[Cubicweb] Pyro and ZMQ deprecated?

aurélien campéas aurelien.campeas at gmail.com
Sun Mar 2 15:20:00 CET 2014


Hi Dimitri,


2014-03-02 14:47 GMT+01:00 Dimitri Papadopoulos Orfanos <
dimitri.papadopoulos at cea.fr>:

> Dear all,
>
> I've stumbled upon the following tickets and learned that ZMQ and Pyro
> support will be deprecated/dropped in CubicWeb 3.19:
>         http://www.cubicweb.org/ticket/2919295
>         http://www.cubicweb.org/ticket/2919297
>         http://www.cubicweb.org/ticket/2919309
>
> We were planning on using ZMQ to remotely update and access CubicWeb
> databases, in order to avoid HTTP limitations and the hassle of managing
> HTTPS sessions in scripts. Are ZMQ and Pyro to be entirely dropped? What
> should we be using instead of ZMQ?
>

The idea is to use a combination of the "signedrequest" and "rqlcontroller"
cubes (server-side) and request.py (client side) to perform authenticated
restful repo access.

Still, this is far from a drop-in replacement of pyro/zmpqpickle protocols.

For pyro, it's just a dead unsupported library (there exists a version 4
but version number indicates it is a new thing).

I still believe there should be some room for zmq-pickle in the very short
term
provided its users are aware of the following:

* the client is basically granted full access to the resources of the
user at host
running the server, which is a bit of a security concern ...
* the transport is insecure (anyone sniffing the traffic will grab
everything)
* there are obscure bugs and corner cases
* it needs to die (as currently done at least)

(that's basically what Pierre-Yves noted in the tickets).

Regards,
Aurélien.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cubicweb.org/pipermail/cubicweb/attachments/20140302/a62dc8a0/attachment-0050.html>


More information about the Cubicweb mailing list