On Jul 8, 2006, at 3:34 PM, Tres Seaver wrote: ...
The monkeypatch in the hotfix *might* be defeated that way, sure. The updated version of docutils I checked in will *not*, because it disables file inclusion inside the source of the dangerous handlers.
Another possible fix would be to patch docutils to make the configuration directive for file inclusion disabled by default; that would allow a trusted module to enable them for a given parse, without exposing the feature for untrusted code.
I like this. I would feel better, if we choose to maintain a hacked docutils, to rename it so that it remains possible for an add-on to use a non-hacked version. Also, if we maintain a hacked version, of course, we are taking extra responsibility on ourselves.
You seem to be the only one championing TTW reST? Are you unwilling to write the tests necessary to keep it? If so, it's hard to have any sympathy for your desire to keep it.
There are way too many uses of TTW documents out there "live" to just rip it out, I think.
Unless we have much better maintenance of this feature than we've had in the past, then we'll have no choice. Hopefully this will change.

Jim

--
Jim Fulton           mailto:jim@zope.com       Python Powered!
CTO                  (540) 361-1714            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org
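The "disabled by default, enabled by a trusted caller for a given parse" arrangement discussed in this thread, shown with the `file_insertion_enabled` and `raw_enabled` runtime settings of docutils passed through `settings_overrides`. This is an added example, not code from the hotfix, from docutils or from Zope; `render`, `demo`, the marker string and the temporary file are constructed for illustration.

```python
import os
import tempfile

from docutils.core import publish_parts

# Constructed marker standing in for the contents of a server-side file.
MARKER = "CONSTRUCTED-SERVER-SIDE-CONTENT"

# Settings applied to every parse unless a trusted caller widens them.
LOCKED_DOWN = {
    "file_insertion_enabled": False,  # include, raw :file:/:url:, csv-table :file:
    "raw_enabled": False,             # raw pass-through of markup
}


def render(source, allow_file_insertion=False):
    """Render reST to an HTML fragment.

    Only a trusted caller passes allow_file_insertion=True, and the
    override applies to this one parse; nothing global is changed.
    """
    overrides = dict(LOCKED_DOWN)
    if allow_file_insertion:
        overrides["file_insertion_enabled"] = True
    parts = publish_parts(source, writer_name="html",
                          settings_overrides=overrides)
    return parts["body"]


def demo():
    """Return whether the file's contents reach the output in three cases."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "server-side.txt")
        with open(path, "w") as handle:
            handle.write(MARKER + "\n")
        include_src = "Some text.\n\n.. include:: %s\n" % path
        raw_src = "Some text.\n\n.. raw:: html\n   :file: %s\n" % path
        return (
            MARKER in render(include_src),                             # untrusted
            MARKER in render(include_src, allow_file_insertion=True),  # trusted
            MARKER in render(raw_src, allow_file_insertion=True),      # raw still off
        )


if __name__ == "__main__":
    print(demo())
```

In the locked-down cases docutils replaces the directive with a "directive disabled" system message and also reports it on stderr, so a disabled directive is visible to the author rather than silently dropped.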