[Zope3-dev] Re: zope.security problems related to Python 2.5
update? (Was: Removed zope.security 3.4b4)
Christian Theune
ct at gocept.com
Wed Aug 15 12:07:04 EDT 2007
Am Mittwoch, den 15.08.2007, 12:02 -0400 schrieb Jim Fulton:
> On Aug 15, 2007, at 11:56 AM, Christian Theune wrote:
> > I'm not sure that we should have to rely on removing packages like
> > those.
>
> I'm fairly sure that removing them is *not* the right solution. For
> example, that might have broken other applications. (After all, I
> released b4 for a reason.)
>
> The right short-term fix in this case was to use b2 in grok until b5
> was released.
Right. I wasn't sure that people had a way to actually deal with this. I
didn't like my approach either and it didn't help anyway. :/
> > As Tres pointed out we should just avoid that everybody gets
> > those immediately anyway, but we should keep them as historic releases
> > in general.
>
> Only getting released versions would probably have just delayed the
> problem until it would have been harder to solve. I was able to
> address this quickly because the changes that caused it were fresh in
> my mind. It would have been harder if the problem were reported much
> later.
Hmm. Well. OTOH we just can't let *every* unsuspected user get that.
That's bad from multiple points of view like experience, marketing, ...
More information about the Zope3-dev
mailing list