[Zope-dev] Re: Was: Re: 2.7.3 beta attribute permission problems

Tres Seaver tseaver at zope.com
Fri Oct 22 08:38:07 EDT 2004


Andreas Jung wrote:

> how severe is the problem that you have fixed? According to some
> rumors the fix seems to break applications. The question for Zope
> 2.7.3 final is: is the problem severe enough to have it fixed for
> 2.7.3 with the risk of causing trouble with broken applications or 
> can we defer the fix to Zope 2.8?

-1.

I have yet to get a reproducible test case (one which breaks on 2.7-head 
but works on 2.7.2) from the examples folks have supplied.  The bug 
which I was fixing is a security issue, reported against CMF, but also 
affecting Zope:  http://zope.org/Collectors/CMF/259

Given that the change was required to implement a security fix, and 
without a reproducible test case for the reported breakage, I don't 
think we can credit the rumors.  We *definitely* don't want to defer the 
security fix.

I will ask Jim to review this with me today.

Tres.
-- 
===============================================================
Tres Seaver                                tseaver at zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com


More information about the Zope-Dev mailing list