[Zope3-Users] Security alert: use of
jim at zope.com
Wed Jul 19 10:12:45 EDT 2006
On Jul 19, 2006, at 8:47 AM, Benji York wrote:
> David Pratt wrote:
>> What about the idea of maintaining a text file in the distribution
>> specific to possible security issues. Is this worth considering
>> for historical purposes so they do not get lost over time or
>> implicitly understood by only a handful of people.
> Exactly. Any package that needs security-related things verified
> should have a test (doctest in a text file) describing the problem
> and verifying that it has been fixed.
Of course, that, by itself, doesn't solve the problem. docutils may
introduce a new feature in the furture that shouldn't be exposed
through the web. Whenever we integrate a new version, we need to
review it to make sure there aren't new security issues. This is
especially true of anything that is exposed TTW.
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
More information about the Zope3-users