[Zope3-Users] Security alert: use of Through-the-Web reStructuredText

David Pratt fairwinds at eastlink.ca
Wed Jul 19 08:12:36 EDT 2006

Jim Fulton wrote:
> On Jul 18, 2006, at 2:55 PM, David Pratt wrote:
>> Hi Jim. I was noticing a 0.4.0-zope in distutils
> I don't know what you mean by this.
>> that looks patched with  NotImplementedErrors for the offending code 
>> in docutils.parsers.rst.directives.misc.  Can you when this will land 
>> in the Zope3 trunk?

Hi Jim.

Yes, I mean docutils, sorry.

> If you mean patching the docutils, then as far as I'm concerned, it will 
> never land in the Zope 3 trunk.
> The right solution to this problem is to write applications that use 
> docutils correctly, not to patch docutils.

You are probably right but just the same I'd rather see the patched 
version for z3 also since I am certain this will become less obvious 
over time if it is left the way it is.

Alternatively, perhaps a text file for these security issues could be 
included in the distribution so it is not forgotten with any 
recommendations for a programmer to avoid known security issues.


More information about the Zope3-users mailing list