We installed that hotfix on Plone 4.3.10 and we get the WARNING "Could not apply user", after some research i found out that this is a Plone 5 specific Patch.
Can we somehow detect the Plone version and ignore this patch?
Where to report that issue?
I would not call this an error. The message is insufficient and incomplete because it misses reasonable information like "Could not apply user - BECAUSE of ".
-aj
For us the "issue" is that we get that message on each Cron run, which means we get an E-Mail on each run.
But Plone is also effected: https://plone.org/security/hotfix/20160830
So it's not only for Plone 5.
From Description Page of the Patch:
On default installs of Plone 4.x, the "user" patch will not successfully apply and does not need to be patched. The patch is only applied when a version of plone.app.users greater than 2 is installed.
Version 1.1 of the patch is out. On Plone 4 and 5 it is not really needed (and on Plone 3 it is only needed if you use z3c.form). But the user patch was altered to also work on Plone 4. It could not actually be exploited on Plone 4, but the side effect is that the warning is not displayed. So that may help you.
We have meanwhile updated the hotfix page with information on which patches are expected to not be applied in which Plone version.
For a next hotfix we might consider adding some logic to not display a warning when not needed. But that is a bit tricky. For example, if the plone.app.discussion patch cannot be applied on Plone 4.0, then this is normal: that package was added in Plone 4.1. But someone may have manually added it on a 4.0 site.
There are all sorts of reasons why this may be tricky, especially considering that integrators may have added their own patches in custom code, which may interfere with our patches, but it should be doable to show less or no warnings when you are using standard Plone, so that a warning would really mean: please investigate.
thanks for your feedback guys.
@mauritsvanrees got the point that rene was trying to make:
in future releases of plonehotfixes each patch should check if it needs to be applied.
(ie. check if the version of plone.app.users is greater 2, or a certain import can be made)
this way, admins do not get emails for cronjobs that run bin/instance run (see https://github.com/collective/collective.pwexpiry/blob/0.9.1/README.rst#executing-the-notification-script)
@mauritsvanrees: is https://github.com/plone/Products.CMFPlone/issues the correct place to file a ticket for this?
this would be another improvement: print the error message in Products/PloneHotfix20160830/__init__.py
Yes, the CMFPlone issue tracker would be fine.