Plone and the Future of Zope2

Over the past two years, much discussion has taken place within the Plone developer community regarding the state of the Zope2 project.

Activity levels have decreased dramatically, infrastructure issues have negatively effected Plone deployments, and the lack of reaction to the Zope-level issues in October's vulnerability announcement signals that the Zope community has neither the capacity nor interest to continue to support the Zope2 project in a way that works for Plone.

The appearance of relying on an unmaintained platform has become a liability for the Plone project and a negative point against those selling Plone as a solution. So, at the Plone Conference in Bucharest, the decision was made to move ahead with our plans. Let this serve as the official announcement that Plone will be forking the Zope2 project in an effort to better serve our users.

Doing so will allow us to remove the features that don't hold meaning in the context of Plone and exert much stricter control over the security of our application server stack.

Plone 5 made large strides in the merging of the CMF layer into Plone. Future Plone releases will remove those dependencies completely. Expect to see a similar approach taken to the Zope2 merge – this process will be incremental and largely transparent to integrators and end users.

For our developers, I'm going to set two rules on this:

  1. I will be the one handling any package forking that needs to be done. Please send me a note if there's a specific package you're after.
  2. Let Paul Roeland and I handle any communications with the Zope community. While we've done our best to be as open and friendly about this as possible, there are legal considerations to this project. We feel confident our bases are covered, but we'll want to keep all communications consistent.

@esteele so pull requests like removing this line: (noticed it a few times already) should be a pull request to zope foundation organization or instead should go the forking route?

Why not just take over maintainership of Zope2 itself? It's not like there are competing visions of What Zope2 should become...

That was definitely considered

We did reach out to try to do this in the friendliest way possible. It became apparent that competing interests would prevent us from making many of the changes that were driving our desire to take on this project.

I'll be starting up the discussion of our next steps this week. Hopefully that will make it clearer why we're choosing this path.

Any update on this already?

For those interested, there is a sprint next week on this topic:

I will be trying to work on it remotely.