Thinking about switching from Ruby on Rails to web2py


Faye

Jun 20, 2009, 11:14:15 AM
to web2py Web Framework
Hi!

We're thinking of migrating from Ruby on Rails to web2py, but have
some concerns about making the switch:

1. Does web2py officially support Python 2.6.2? Our standard server
configurations use Python 2.6.2 and we don't want to install/support
two pythons.

2. Are web2py security fixes/updates timely and backwards
compatible? We can't upgrade to major new (incompatible) versions
just to get security fixes.

3. What is web2py's release & support policy? How long is each major
version of web2py supported with security & bug fixes before being
retired? An official policy like Ubuntu would help ease concerns on
the enterprise because it makes planning ahead easy.

4. What is web2py's recommended plugin/library to use Paypal IPN?
This needs to be stable--not beta--since it deals with monetary
transactions.

FWIW, one important reason we're looking for alternatives to Ruby On Rails
is security. We want to easily fix underlying security issues with
the language and the framework. But we don't see a way to get
automatic & fast security updates on Ruby On Rails without backwards
compatibility concerns.

If Ruby (the language) and RoR (the framework) had an official release
policy similar to Ubuntu, we probably wouldn't be looking at
alternatives. So I'm hoping other frameworks don't make the same
mistake.

JohnMc

Jun 20, 2009, 4:33:50 PM
to web2py Web Framework


On Jun 20, 10:14 am, Faye <fx.develo...@gmail.com> wrote:
> Hi!
>
> We're thinking of migrating from Ruby on Rails to web2py, but have
> some concerns about making the switch:
>
> 1.  Does web2py officially support Python 2.6.2?  Our standard server
> configurations use Python 2.6.2 and we don't want to install/support
> two pythons.

Python 2.5 is the preferred platform as there is an issue with Auth/
Python 2.6 interaction I believe.

>
> 2.  Are web2py security fixes/updates timely and backwards
> compatible?  We can't upgrade to major new (incompatible) versions
> just to get security fixes.
>

Yes. Published in Trunk. I have yet to have a backward compatibility
issue with Web2Py.

> 3.  What is web2py's release & support policy?  How long is each major
> version of web2py supported with security & bug fixes before being
> retired?  An official policy like Ubuntu would help ease concerns on
> the enterprise because it makes planning ahead easy.
>

That varies. 1.64.1 was out a couple of weeks ago and was just
followed by 1.64.2 this week.
If you followed just major point releases you should be OK, as that is
my practice and it has worked well so far.

> 4.  What is web2py's recommended plugin/library to use Paypal IPN?
> This needs to be stable--not beta--since it deals with monetary
> transactions.
>

There is one. It is marked experimental. But I would not have that
hold you back. Seems every time I have had a project that touches
PayPal, even with a 'plug-in' there seems to be something that needs
tweaking. (C++, Python, Glassfish) Guess what I am saying is I
have yet to have a code bundle work out of the box with PayPal.

> FWIW, one important reason we're looking for alternatives to Ruby On Rails
> is security.  We want to easily fix underlying security issues with
> the language and the framework.  But we don't see a way to get
> automatic & fast security updates on Ruby On Rails without backwards
> compatibility concerns.

Might want to look here http://www.web2py.com/examples/default/tools

>
> If Ruby (the language) and RoR (the framework) had an official release
> policy similar to Ubuntu, we probably wouldn't be looking at
> alternatives.  So I'm hoping other frameworks don't make the same
> mistake.

The bigger issue is do you get answers? It does no good to have a
stable point release schedule, run up against a problem, pose the
issue and get dead silence for a reply.

You might want to look here - http://www.web2py.com/AlterEgo/default/show/103
for RoR migration.
There is also a VirtualBox evaluation VM for use -- http://web2pyzip.onodot.com/

mdipierro

Jun 21, 2009, 12:02:35 AM
to web2py Web Framework
On Jun 20, 10:14 am, Faye <fx.develo...@gmail.com> wrote:
> Hi!
>
> We're thinking of migrating from Ruby on Rails to web2py, but have
> some concerns about making the switch:
>
> 1.  Does web2py officially support Python 2.6.2?  Our standard server
> configurations use Python 2.6.2 and we don't want to install/support
> two pythons.

"officially" we say we only support 2.5 because if people use 2.6 only
syntax their app will not work on 2.5. "technically" web2py runs on 2.6
with only one known issue: The cgi module that parses form variables
behaves differently in 2.5 and 2.6. If you do a POST and you also have
variables defined in the URL they behave in different ways. You have
to be careful about this in your own code. To my knowledge the only
part of web2py code that is affected is redirection after login. I was
planning to change the code tomorrow in trunk so that it behaves the
same in 2.5 and 2.6.


> 2.  Are web2py security fixes/updates timely and backwards
> compatible?  We can't upgrade to major new (incompatible) versions
> just to get security fixes.

We do not distinguish between security fix releases and major releases
because we NEVER broke and NEVER will break backward compatibility.
That is why we "officially" support 2.5 and not 2.6. You should always
upgrade to the latest version of web2py. If we involuntarily break
something we treat it as a bug. Let us know and we fix it immediately.

> 3.  What is web2py's release & support policy?  How long is each major
> version of web2py supported with security & bug fixes before being
> retired?  An official policy like Ubuntu would help ease concerns on
> the enterprise because it makes planning ahead easy.

We try to have biweekly releases. 1.xx.0, we have bug fix releases
1.xx.yy when needed.

> 4.  What is web2py's recommended plugin/library to use Paypal IPN?
> This needs to be stable--not beta--since it deals with monetary
> transactions.

I do not know. I have never used paypal with web2py. I strongly
recommend using Google Checkout instead and this library:

http://web2py.appspot.com/plugin_checkout/default/checkout

It is very solid. It was used to run the PyCon 2009 conference
registration. We did not miss one transaction (800 payments). It
includes level 2 notifications, i.e. Google informs your app about all
stages of a payment process including cancellations and refunds. It is
very secure because all communications between Google and your app are
encrypted, authenticated, and initiated by Google, and Google retries if your
app does not respond.

> FWIW, one important reason we're looking for alternatives to Ruby On Rails
> is security.  We want to easily fix underlying security issues with
> the language and the framework.  But we don't see a way to get
> automatic & fast security updates on Ruby On Rails without backwards
> compatibility concerns.

Once again. We promise our users not to break backward compatibility;
this is a policy.
We never had any security related bug (as far as I can remember).

> If Ruby (the language) and RoR (the framework) had an official release
> policy similar to Ubuntu, we probably wouldn't be looking at
> alternatives.  So I'm hoping other frameworks don't make the same
> mistake.

Massimo
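
Added example, not part of the original post and not web2py's code: a Python 3 sketch of why a variable present in both the URL and the POST body is ambiguous, and one way to read it so the result does not depend on the parser. The two parsing policies, the `_next` parameter and the sample request are assumptions made for illustration; the post only says the two Python versions behave differently.

```python
from urllib.parse import parse_qs


def _collapse(multi):
    """Mimic FieldStorage-style results: one value -> str, several -> list."""
    return {k: v[0] if len(v) == 1 else v for k, v in multi.items()}


def body_only_vars(query_string, body):
    """Policy A (assumed): on POST, only the form body is parsed."""
    return _collapse(parse_qs(body, keep_blank_values=True))


def merged_vars(query_string, body):
    """Policy B (assumed): the URL query string is merged into the body."""
    merged = parse_qs(body, keep_blank_values=True)
    for key, values in parse_qs(query_string, keep_blank_values=True).items():
        merged.setdefault(key, []).extend(values)
    return _collapse(merged)


def stable_var(query_string, body, name, default=None):
    """Return one scalar for `name`, identical under either policy.

    The POST body wins over the URL; within one source the first value wins.
    """
    for source in (body, query_string):
        values = parse_qs(source, keep_blank_values=True).get(name)
        if values:
            return values[0]
    return default


# Constructed request: a login form posted to a URL that also carries _next.
QUERY = "_next=/app/default/index"
BODY = "username=alice&_next=/app/default/profile"

if __name__ == "__main__":
    print("body only:", body_only_vars(QUERY, BODY)["_next"])  # a str
    print("merged:   ", merged_vars(QUERY, BODY)["_next"])     # a list
    print("stable:   ", stable_var(QUERY, BODY, "_next"))      # always a str
```

Code that passes the parsed value straight to a redirect gets a string under one policy and a list under the other; reading the two sources separately with a fixed precedence removes the difference.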

Faye

Jun 21, 2009, 10:39:35 AM
to web2py Web Framework
On Jun 20, 11:02 pm, mdipierro <mdipie...@cs.depaul.edu> wrote:
> "officially" we say we only support 2.5 because if people use 2.6 only
> syntax their app will not work on 2.5. "technically" web2py runs on 2.6
> with only one known issue: The cgi module that parses form variables
> behaves differently in 2.5 and 2.6. If you do a POST and you also have
> variables defined in the URL they behave in different ways. You have
> to be careful about this in your own code. To my knowledge the only
> part of web2py code that is affected is redirection after login. I was
> planning to change the code tomorrow in trunk so that it behaves the
> same in 2.5 and 2.6.
>

Thanks! I appreciate the quick answers from you and JohnMc.

I'm looking forward to trying out web2py once the Python 2.6 issues
are addressed. I'd be new to Python, so it'll take at least a couple
hours before I become proficient enough to start debugging
compatibility issues. ;)

> > 2.  Are web2py security fixes/updates timely and backwards
> > compatible?  We can't upgrade to major new (incompatible) versions
> > just to get security fixes.
>
> We do not distinguish between security fix releases and major releases
> because we NEVER broke  and NEVER will break backward compatibility.
> That is why we "officially" support 2.5 and not 2.6. You should always
> upgrade to the latest version of web2py. If we involuntarily break
> something we treat it as a bug. Let us know and we fix it immediately.
>

This is great and will be an important factor in making the decision
to switch from Rails to web2py.

> > 3.  What is web2py's release & support policy?  How long is each major
> > version of web2py supported with security & bug fixes before being
> > retired?  An official policy like Ubuntu would help ease concerns on
> > the enterprise because it makes planning ahead easy.
>
> We try to have biweekly releases. 1.xx.0, we have bug fix releases
> 1.xx.yy when needed.
>

This is great, especially in keeping with maintaining backward
compatibility.

I hope web2py makes it into the Debian/Ubuntu repository before the
next Ubuntu LTS is released. That way, we can get security updates
automatically (provided the package maintainer isn't asleep).

> > 4.  What is web2py's recommended plugin/library to use Paypal IPN?
> > This needs to be stable--not beta--since it deals with monetary
> > transactions.
>
> I do not know. I have never used paypal with web2py. I strongly
> recommend using Google Checkout instead and this library:
>
>    http://web2py.appspot.com/plugin_checkout/default/checkout
>
> It is very solid. It was used to run the PyCon 2009 conference
> registration. We did not miss one transaction (800 payments). It
> includes level 2 notifications, i.e. Google informs your app about all
> stages of a payment process including cancellations and refunds. It is
> very secure because all communications between Google and your app are
> encrypted, authenticated, and initiated by Google, and Google retries if your
> app does not respond.
>

Sounds like Google Checkout works the same way as Paypal IPN! We're
going to look into it and probably support both.

> > FWIW, one important reason we're looking for alternatives to Ruby On Rails
> > is security.  We want to easily fix underlying security issues with
> > the language and the framework.  But we don't see a way to get
> > automatic & fast security updates on Ruby On Rails without backwards
> > compatibility concerns.
>
> Once again. We promise our users not to break backward compatibility;
> this is a policy.
> We never had any security related bug (as far as I can remember).
>

Even better than I had hoped! Looking forward to the Python 2.6
fixes.

Thanks again for the reply. I'm pretty sure web2py will gain many
users and teachers based on what I've seen so far.

mdipierro

Jun 21, 2009, 12:08:41 PM
to web2py Web Framework
I am uploading a fix to this problem for authentication now. It will
be in trunk in a couple of minutes, please give it a try.

Massimo

Faye

Jun 22, 2009, 8:24:10 AM
to web2py Web Framework
Thanks! I'm really eager to try web2py (and Python). I can give it a
shot on Ubuntu 9.04 this weekend (if I meet my current project's
aggressive deadline).