[Zope3-Users] Security alert: use of Through-the-Web reStructuredText

Jim Fulton jim at zope.com
Wed Jul 19 10:09:37 EDT 2006

On Jul 19, 2006, at 8:35 AM, David Pratt wrote:

> Benji York wrote:
>> David Pratt wrote:
>>> You are probably right but just the same I'd rather see the  
>>> patched version for z3 also since I am certain this will become  
>>> less obvious over time if it is left the way it is.
>> Instead of maintaining a fork of docutils, Zope 3 should (and may  
>> already, I haven't been keeping up with this issue) include tests  
>> to make sure we're using docutils appropriately.  Best of both  
>> worlds: we have continued assurance we don't regress, and we don't  
>> have to maintain a fork/patches.
> Hi Benji. Fair enough. What about the idea of maintaining a text  
> file in the distribution specific to possible security issues. Is  
> this worth considering for historical purposes so they do not get  
> lost over time or implicitly understood by only a handful of  
> people. Many thanks.

Docutils already provides such a document.  It's there documenation.   
Whoever made reST available TTW didn't read it.  Providing another  
document that people won't read  won't help the situation.  Whenever  
we reuse 3rd-party code or write, we need be aware of security issues.


Jim Fulton			mailto:jim at zope.com		Python Powered!
CTO 				(540) 361-1714			http://www.python.org
Zope Corporation	http://www.zope.com		http://www.zope.org

More information about the Zope3-users mailing list