[Zope3-dev] Excessive long traceback info in TALES

Guido van Rossum guido@python.org
Tue, 10 Dec 2002 13:31:29 -0500


> FWIW, keeping filenames out of tracebacks was a fairly strong 
> goal of the traceback hackery we've done thus far. It was done in 
> response to numerous recurring "security-related bug reports", with 
> people feeling that any disclosure of filenames is bad. While one 
> can argue that point, we've had people in the past willing to post 
> this as a "security issue" on public security-related sites, and 
> it's really not a good use of time trying to fight that sort of 
> PR battle.

As a matter of fact, I think tracebacks should only be displayed when
a special developer switch is set -- but when that switch is set (or
perhaps when 'Manager' permission is granted) I like my tracebacks
uncastrated.  Zope3 is so far from being usable in deployment that for
now, I think the needs of developers should prevail (if you want it to
ever *become* a deployable system).

--Guido van Rossum (home page: http://www.python.org/~guido/)
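
The policy proposed in the message above, sketched as an added example that is not part of the original post or of Zope's code: the full traceback is returned only when a developer switch is set or the caller holds the 'Manager' permission, and everyone else gets a reference id that maps to the server-side log. The function name, its parameters and the sample path are assumptions made for illustration.

```python
import logging
import traceback
import uuid

log = logging.getLogger("errors")


def render_error(exc, developer_switch=False, permissions=()):
    """Return the error text to send to the client for exception `exc`.

    `developer_switch` and the 'Manager' permission follow the message
    above; the name and signature of this function are hypothetical.
    """
    full = "".join(
        traceback.format_exception(type(exc), exc, exc.__traceback__)
    )
    # A random id lets an operator find the matching log entry without
    # the client ever seeing file names or source lines.
    ref = uuid.uuid4().hex[:12]

    # The complete traceback always goes to the server-side log.
    log.error("error %s\n%s", ref, full)

    if developer_switch or "Manager" in permissions:
        # Developers and managers get the traceback unmodified.
        return full

    # Everyone else gets no traceback and no str(exc): the exception
    # message itself can carry a path (OSError includes the file name).
    return f"An error occurred (reference {ref})."


def demo():
    """Raise a constructed error and render it for three kinds of caller."""
    try:
        # Constructed sample path; it is not expected to exist.
        open("/constructed/instance/home/secret.cfg")
    except OSError as exc:
        return (
            render_error(exc),
            render_error(exc, developer_switch=True),
            render_error(exc, permissions=("Manager",)),
        )


if __name__ == "__main__":
    for text in demo():
        print(text)
        print("-" * 40)
```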