[Zope-dev] Re: 2.9.4? reStructuredText support?

Andreas Jung lists at zopyx.com
Sun Jul 9 10:47:32 EDT 2006



--On 9. Juli 2006 10:10:53 -0400 Jim Fulton <jim at zope.com> wrote:
>
> That doesn't change the fact that when we found out about the threat
> last fall, we didn't check all of the places in Zope where we were using
> reST.  You might say that this was because the person who did the hot
> fix didn't know about all of the places we were using reST.

As far as I can remember at least Tres and I were involved in this issue. I 
think Tres was working on the hotfix and I was working on the 
releases...something like that. So we both were possibly blind...

>  But that
> just illustrates that our current approach of "everyone is responsible
> for everything" or, cynically, "no one is responsible for anything"
> isn't working.

Isn't that the approach Zope has been working with for years? It is a working
process - not a perfect process. Look how often major vendors like
Microsoft, Oracle or Apple deliver patches for their patches...we're
neither better nor worse. That's not an excuse for mistakes (which *will*
happen as long as humans are involved) but better look how far we got with
Zope so far given the fact that a big part of the Zope core is just
cruft.

Responsibility for a particular code part requires a solid understanding of
the code. There are a bunch of modules where I assume that only a small
number of people understand the code (who understands ZClasses except you
and Dieter?).

Responsibility for a particular code part requires dedication. You may find
a maintainer for module X or Y but I doubt that some will show dedication
e.g. to ZClasses....which is a perfect example...Some months ago we had
again the discussion about ZClasses and their future and one person spoke
up to do something (take over the code or reimplement them).....lots of
noise...nothing else... in my experience most contributors are of course
dedicated in the first place to their own code but very little to some
cruft code that dates back to the DC and early ZC times.


So my conclusion: dedication and taking over responsibility won't solve the
general problem especially when it comes to security. As a maintainer
you're usually blind or have a narrowed perception of things (which might
depend on the personal skills and experiences)...not every one of the
contributors is a mastermind like you...that's just the situation..so only
outstanding persons can help in such a situation (e.g. through regular
reviews).

-aj