[Zope] Securing Zope

Chris Withers chrisw at nipltd.com
Thu Sep 25 07:47:33 EDT 2003


Robert Segall wrote:
> Sorry Chris, but that is NOT how security works: you have to take seriously 
> any issue, no matter how unpleasant the manner in which it was raised.

Find the part where I mentioned security ;-)

> The issues raised by Jamie are legitimate, and they should be (eventually) 
> dealt with. What the priority is I am not really sure - I doubt Zope will 
> ever be a good idea in a truly high security environment. This is not a 
> negative remark on the Zope development, but rather a reflection on any 
> highly complex system.

Indeed. My comment is aimed to drive home the point about open source. If you 
want to get stuff fixed, try and be nice about it, and be helpful. Then the 
people are more inclined to help, rather than just ignoring the issues as the 
vitriol of the terminally infantile...

...and, as you point out, ignoring real security issues is a "bad thing".

> seen). All in all it is your decision what you want to do about them, but you 
> should at least be aware of their existence; dismissing them because they 
> were pointed out in an impolite manner is not the answer.

I certainly didn't dismiss them, I see them as serious problems, but I don't 
personally have the time/knowledge to fix them and the style in which they are 
presented means those who do have the time/knowledge aren't likely to fix them...

Chris



