Make the installations of whoosh and authl optional, to cut down on installation bloat for sites that don’t need them
The dependency changes have the potential for breaking functionality in existing sites. In order to restore full-text search and federated authentication, you’ll need to add whoosh and authl to your deployment options, respectively. If you’re using Poetry or another dependency manager which understands extras, you can specify the search and auth extras in your pyproject.toml; for example:
Hopefully this is a helpful change for some people, and not too annoying for others.
Update: Until I tried to roll out a site without Authl enabled, I had failed to realize one spot where Authl was still being unconditionally imported. If you actually want to run without Authl, update to v0.7.11.
Publ v0.7.9 is out. The only change from 0.7.8 is a bugfix to fenced code blocks, which were broken by an excruciatingly subtle change to the pygments API. Oops.
Also added an optional scope parameter to the TicketAuth request (which Publ itself doesn’t use and it doesn’t make much sense in a TicketAuth context but maybe someone will have a use for it)
Added the ability to specify absolute links on the login and logout template functions
Both a minor update, and a major one; due to upstream vulnerabilities in Pillow, which are only resolved in a version which drops support Python 3.6, Publ now also drops support for Python 3.6.
Publ v0.7.3 is now out, with the following changes:
Properly handles markdown and HTML stripping in summary text
Improves first-paragraph extraction for OpenGraph cards
Reduces unnecessary image renditions for OpenGraph cards
Finally deprecates the AUTHL_FORCE_SSL configuration setting
Adds group display to the user information on the admin panel
Fix the PyPI listing
Make the image rendition cache purge mechanism actually, you know, work
Note that entry.summary now takes an optional parameter, markup, which defaults to True, for the sake of consistency with the rest of the Publ templating API. If you are using entry.summary to provide descriptive text for things (e.g. <a title="{{entry.summary}}"> or <meta name="description" content="{{entry.summary}}">) this will have to change to {{entry.summary(markup=False)}}.
Pushl has been updated, specifically to rewrite the way that feeds are parsed to avoid a problem due to feedparser internals changing in a way that made the caching mechanism stop working.
I’ve just released v0.5.1 of Authl. The only functional change is adding support for actually parsing IndieAuth server response profiles (rather than just requesting one and only using the h-card), now that there’s implementations in the wild, meaning that egg has hatched into a chicken.
There were also some minor documentation cleanups since v0.5.0.
There’s a general belief that SQLite is a “slow” database and Postgres is “fast,” and many software packages (including FOSS) insist that SQLite is only suitable for testing and doesn’t scale. However, this doesn’t make much sense when you think about it; SQLite is an in-process database so there’s no communications overhead between the service and the database, and because it’s only designed to be accessed from a single process it can make use of optimistic locking to speed up transactions.
Since I was installing postgres for another purpose on my webserver, I decided to quickly see if Publ performs better on Postgres vs SQLite. To test the performance I compared the timing for my website on both doing a full site reindex, and rendering the Atom feed several times (using the debug Flask server and caching disabled).
It took me way longer than I should have, but I finally decided to bump the minor version of Publ to 0.7.0.
My original intention was to only do that after getting the unit test coverage up to 90%, then to 80%, then to 50%… but it’s at 45% and that’s Good Enough I guess. I’d still like to get some proper automated testing in place for the bits that are tricky to test but with a system as complex as Publ it’s not particularly clear how to do a lot of that. The main issue is a fundamental mismatch between how the underlying ORM works vs. how unit testing is supposed to work, and I’ve so far been unable to square that circle. But maybe someday I’ll get the test coverage number up where I want it to be.
In any case, the only actual code change since 0.6.14 was some fixes to how page redirection works, especially around private entries.
Remove the minimal sample site from the source repository, as this is better served by the git repository for this site and the getting started documentation.