[Zope] Script (Python) insecure ?

Tres Seaver tseaver at palladion.com
Tue Aug 12 12:04:49 EDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Garito wrote:
> The same question again and again
> 
> As a Zope user I prefer to know as soon as possible if Zope has security
> problems like those
> 
> Perhaps the correct way will be to send the problem to the zope people and 2
> weeks later then make it public
> 
> I think 2 weeks is a very correct period to solve a problem if not, I want
> to try to solve the problem for myself
> 
> But I shout my mouth, sorry Andreas ;)
> 
> 2008/8/12 Andreas Jung <lists at zopyx.com>
> 
>> *sigh*
>>
>> I wished that both exploits were reported to the Zope bugtracker in order
>> to work on solutions before making the exploits public.

Right:  we would just like time to investigate the problem so that we
can announce the problem and the workaround / hotfix / new releases
simultaneously.  Two weeks would be longer than I would expect that
process to take.


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIobSh+gerLs4ltQ4RAor1AJ94e+J6HcSYQbYTNM0x+FhGHiUxygCeMk5N
De3Ub0slW6p+DKJh3dRG+a8=
=pA6g
-----END PGP SIGNATURE-----



More information about the Zope mailing list