Over the past two years, much discussion has taken place within the Plone developer community regarding the state of the Zope2 project.
Activity levels have decreased dramatically, infrastructure issues have negatively effected Plone deployments, and the lack of reaction to the Zope-level issues in October's vulnerability announcement signals that the Zope community has neither the capacity nor interest to continue to support the Zope2 project in a way that works for Plone.
The appearance of relying on an unmaintained platform has become a liability for the Plone project and a negative point against those selling Plone as a solution. So, at the Plone Conference in Bucharest, the decision was made to move ahead with our plans. Let this serve as the official announcement that Plone will be forking the Zope2 project in an effort to better serve our users.
Doing so will allow us to remove the features that don't hold meaning in the context of Plone and exert much stricter control over the security of our application server stack.
Plone 5 made large strides in the merging of the CMF layer into Plone. Future Plone releases will remove those dependencies completely. Expect to see a similar approach taken to the Zope2 merge – this process will be incremental and largely transparent to integrators and end users.
For our developers, I'm going to set two rules on this:
- I will be the one handling any package forking that needs to be done. Please send me a note if there's a specific package you're after.
- Let Paul Roeland and I handle any communications with the Zope community. While we've done our best to be as open and friendly about this as possible, there are legal considerations to this project. We feel confident our bases are covered, but we'll want to keep all communications consistent.