-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andreas Jung wrote:
--On 8. Juli 2006 07:45:01 -0400 Jim Fulton <jim@zope.com> wrote:
On Jul 8, 2006, at 1:11 AM, Andreas Jung wrote:
--On 7. Juli 2006 11:03:06 -0400 Jim Fulton <jim@zope.com> wrote:
I think we should do a 2.9.4 release to incorporate the recent hot fix. This is easy for me to say, since I won't be doing it. :)
Because this recent fix actually fixed the same problem that the previous hot fix was supposed to fix, I think someone needs to work up some decent tests. This is not a trivial task, bit it is necessary. If no one is willing to do this, I think we need to drop the TTW reStructuredText support from Zope 2, as it is too great a risk.
Dropping TTW reST is absolutely not an option. I breaks backward compatibility.
Sorry, security trumps backward compatibility.
BTW, I suspect that a less violent patch could be created, if anyone wants to champion TTW reStructuedText support in Zope 2. Personally, I'm for dropping it.
Tres' patch is looking in fine to me. I don't see a need right now for dropping reST with having file inclusing *removed*.
Has anyone written tests for Tres' patch? Apparently no one wrote adequate tests for the last hot fix, which helped put us in this situation.
I've written some tests (checked in on the trunk). They test the 'raw' and 'include' directives
Great! Maybe we can add a similar set for the 'fmt="restructured-text"' in DTML.
@Tres: what is the reason to keep the 'raw' code in docutils? I am in favor to remove it and replace it with a NotImplementedError exception (same as for the the 'include' code). The related tests (for reStructredText and ZReST are commented for now) do except a NotImplementedError for a 'raw' directive.
'raw' can be used to disable ReST processing for a block, even if the ':file:' or ':url:' options aren't set.; I was trying to leave the possibility of that use case. Tres. - -- =================================================================== Tres Seaver +1 202-558-7113 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEsVdq+gerLs4ltQ4RAr5lAKCD7gYS/162mz8YPfUm7NshA2lJmwCgtXOe nVX21AXxsYmMfNEgmtAaPmk= =tWJZ -----END PGP SIGNATURE-----