[Zope-dev] How (in)secure is Zope?

Chris McDonough chrism@zope.com
13 Mar 2003 10:44:01 -0500


On Thu, 2003-03-13 at 10:26, Toby Dickenson wrote:
> I suspect most people with checkin privileges don't know about this problem, 
> because it won't have been sent to the public mailman list.

True.  I really don't know which set of committers gets the
"security-related" emails from that collector.  I do, somehow.  Other
folks at ZC do as well.  If something really bad comes up, someone
typically sounds the alarm and we put out a hotfix ASAP.

I think this particular problem occurs in a sufficiently narrow set of
circumstances that we didn't go into helmet fire mode on it (e.g. I
think the consensus is it should be fixed in an upcoming release, but it
doesn't require a hotfix).  That said, this is a guess (and a judgement
call); I haven't discussed it with anyone else.

- C