[Zope3-Users] Security alert: use of Through-the-Web reStructuredText

Jim Fulton jim at zope.com
Wed Jul 19 10:12:45 EDT 2006

On Jul 19, 2006, at 8:47 AM, Benji York wrote:

> David Pratt wrote:
>> What about the idea of maintaining a text file in the distribution  
>> specific to possible security issues. Is this worth considering  
>> for historical purposes so they do not get lost over time or  
>> implicitly understood by only a handful of people.
> Exactly.  Any package that needs security-related things verified  
> should have a test (doctest in a text file) describing the problem  
> and verifying that it has been fixed.

Of course, that, by itself, doesn't solve the problem.  docutils may  
introduce a new feature in the furture that shouldn't be exposed  
through the web.  Whenever we integrate a new version, we need to  
review it to make sure there aren't new security issues.  This is  
especially true of anything that is exposed TTW.


Jim Fulton			mailto:jim at zope.com		Python Powered!
CTO 				(540) 361-1714			http://www.python.org
Zope Corporation	http://www.zope.com		http://www.zope.org

More information about the Zope3-users mailing list