-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
After a lot of hard work a special Zope Foundation membership meeting
called for December 12, 2008 passed a new set of bylaws unanimously.
The current bylaws were based on those of the Eclipse foundation,
which shortly after adoption were discovered to be too heavyweight for
the kind of organization the Zope Foundation aims to be. Evolving the
existing bylaws into something more appropriate and manageable was
attempted but failed.
The proposed bylaws are based on the bylaws of the Python Software
Foundation, with some additional improvements the PSF itself is
intending to implement. They were also brought in line with the fact
that the Zope Foundation expects to conduct most of its meetings and
communication online.
The major differences between the current and the proposed bylaws are:
* Making changes to the bylaws becomes easier.
* There will be only three classes of members:
1. Nominated Members, an individual and free membership that
replaces the old 'committer' and 'associate' memberships. There will
no longer be any formal relation between being a Zope Committer and
becoming a Foundation Member.
2. Sponsorship Members, members who financially sponsor the
Foundation.
3. Emeritus Members, members who retired from active membership.
The new bylaws can be downloaded from the Zope Foundation website at
http://foundation.zope.org/bylaws/zope_foundation_bylaws.pdf
Jens Vagelpohl, Board Member, Zope Foundation
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAklJG0cACgkQRAx5nvEhZLKmCACgmkXf1yO4Yj1+fPS2woHJbk4G
DTIAoIVjjItCjK9T2tRVnYiAxgfTWe7w
=G8KW
-----END PGP SIGNATURE-----
Security issue in Grok: please upgrade!
=======================================
December 12, 2008. The Grok team encountered a serious security issue
that exposes Grok installations to attacks that erase data as well as
remote denial of service attacks. We *strongly* urge people to upgrade
to newer versions of Grok immediately. We have supplied new bug fix
releases of Grok for Grok 0.11 up to the recent release, Grok 0.14.
Only projects that use Grok directly are affected by this security
issue. If your Zope 3 project uses the ``grokcore.*`` libraries or if
you use ``five.grok`` on Zope 2, there is no security problem.
How to upgrade Grok? We give instructions that you can apply in your
Grok projects. Please run ``buildout`` after making the changes - this
will download the fixed version of Grok. After this restart your
server!
The upgrade instructions assume two possible installation methods:
* Old versions of ``grokproject`` generated projects that only include
the ``extends=`` line in ``buildout.cfg``, and updating that line to
point to a newer version of Grok is sufficient.
* Newer versions of ``grokproject`` create projects that require you
to modify ``versions.cfg``. There is also a line pointing to a Grok
version in the ``eggbasket`` section in ``buildout.cfg``. While this
a download optimization only, we still recommend you update that
line as well.
Grok 0.14: upgrade to Grok 0.14.1
---------------------------------
In the file ``versions.cfg`` change the line::
grok = 0.14
to this::
grok = 0.14.1
If you have no ``versions.cfg``, go to your projects ``buildout.cfg`` and
adjust this line::
extends = http://grok.zope.org/releaseinfo/grok-0.14.cfg
to this::
extends = http://grok.zope.org/releaseinfo/grok-0.14.1.cfg
While not strictly required, we also recommend you modify the following
line in the ``[eggbasket]`` section (if present)::
url = http://grok.zope.org/releaseinfo/grok-eggs-0.14.tgz
to::
url = http://grok.zope.org/releaseinfo/grok-eggs-0.14.1.tgz
After this change, run ``buildout`` and restart the server.
This version should work properly with Python 2.4 and Python 2.5.
Grok 0.13: upgrade to Grok 0.13.1
---------------------------------
In the file ``versions.cfg`` change the line::
grok = 0.13
to this::
grok = 0.13.1
If you have no ``versions.cfg``, go to your projects ``buildout.cfg`` and
adjust this line::
extends = http://grok.zope.org/releaseinfo/grok-0.13.cfg
to this::
extends = http://grok.zope.org/releaseinfo/grok-0.13.1.cfg
While not strictly required, we also recommend you modify the following
line in the ``[eggbasket]`` section (if present)::
url = http://grok.zope.org/releaseinfo/grok-eggs-0.13.tgz
to::
url = http://grok.zope.org/releaseinfo/grok-eggs-0.13.1.tgz
After this change, run ``buildout`` and restart the server.
This version should work properly with Python 2.4 and Python 2.5.
Grok 0.12 and Grok 0.12.1: upgrade to Grok 0.12.2
-------------------------------------------------
In the file ``versions.cfg`` change the line::
grok = 0.12 (or 0.12.1)
to this::
grok = 0.12.2
If you have no ``versions.cfg``, go to your projects ``buildout.cfg`` and
adjust this line::
extends = http://grok.zope.org/releaseinfo/grok-0.12.cfg (or grok-0.12.1.cfg)
to this::
extends = http://grok.zope.org/releaseinfo/grok-0.12.2.cfg
While not strictly required, we also recommend you modify the following
line in the ``[eggbasket]`` section (if present)::
url = http://grok.zope.org/releaseinfo/grok-eggs-0.12.tgz (or grok-0.12.1.cfg)
to::
url = http://grok.zope.org/releaseinfo/grok-eggs-0.12.2.tgz
After this change, run ``buildout`` and restart the server.
Note: the integrated REST support does not function properly on Python
2.5 in this version. It does work with the recommended version Python
2.4.
Grok 0.11 and Grok 0.11.1: upgrade to Grok 0.11.2
-------------------------------------------------
In the file ``versions.cfg`` change the line::
grok = 0.11 (or 0.11.1)
to this::
grok = 0.11.2
If you have no ``versions.cfg``, go to your projects ``buildout.cfg`` and
adjust this line::
extends = http://grok.zope.org/releaseinfo/grok-0.11.cfg (or grok-0.11.1.cfg)
to this::
extends = http://grok.zope.org/releaseinfo/grok-0.11.2.cfg
We have not released a grok-eggs-0.11.2.tgz as we never maintained
such tarball releases for Grok 0.11.
After this change, run ``buildout`` and restart the server.
Note: the integrated REST support will not function properly on Python
2.5 in this version. It does work with the recommended version Python
2.4.