[Zope-dev] Re: Python2.4 Security Audit ETA???

Jim Fulton jim at zope.com
Fri Dec 2 10:38:32 EST 2005 

Christian Theune wrote:
> Hi,
> 
> Am Freitag, den 02.12.2005, 10:03 -0500 schrieb Jim Fulton:
> 
>>Christian Theune wrote:
>>
>>>Am Mittwoch, den 30.11.2005, 15:52 +0100 schrieb Philipp von
>>>Weitershausen:
>>>
>>>>>From where I'm standing, with Zope 2.8.4 it's as safe as with Zope 2.9
>>>>(which actually *requires* Python 2.4...) So it is really just a label
>>>>we put on the 2.8 and 2.9 branches, in terms of the relevant code base
>>>>they're the same...
>>>
>>>
>>>Statements like that are *dangerous*. The label is all that it is about.
>>>It is against the possibility that although the likely relevant code
>>>base is the same, there might be some minor minor minor switch that
>>>makes everything burn.
>>
>>I really can't figure out what your saying.
> 
> 
> Sorry. See my response a couple of lines downwards.
> 
> 
>>What Andreas is saying is that Python 2.4 still isn't supported
>>for Zope 2.8.  This is different from a statement about a security
>>audit.  The security audit evaluated and addressed issues arising
>>from a change from Python 2.3 to python 2.4.  Zope 2.8.4 reflects
>>this.  We still choose not to support Python 2.4 for Zope 2.8 because
>>there hasn't been any sort of test release cycle for Zope 2.8 with
>>Python 2.4.  Zope 2.9 will go through such a cycle which will give us
>>at least some consequence.
> 
> 
> If I didn't miss anything, neither an audit has happend for Zope 2.8
> with Python 2.4, nor did we make it a supported platform.

You did miss something. As has been pointed out several times in this
thread, the audit did happen for 2.8 and 2.8.  And, as has also been
said many times, Python 2.4 with Zope 2.8 is not supported.

> IMHO it is dangerous to call it "just a label" that we apply.

I really don't know what "it" you are refering to.  We did do the security
audit. We still aren't supporting Python 2.4 for Zope 2.8.

 > If the
> audit was performed, then I'll shut up immediately.

Cool. :)

Jim

-- 
Jim Fulton           mailto:jim at zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org

More information about the Zope-Dev mailing list