Tim Peters wrote:
[Christian Tismer]
... I don't mean to offend anybody by this, it is just a very simple question which I cannot answer alone.
There may be a simple question hiding in this, but it's hard to find <wink>.
You try: how secure is sendmail? how secure is ssh? how secure is Python? Answer those simple(?!) questions in the way you're looking for, and maybe someone can do the same wrt Zope. As is, you *appear* to be asking for a one-word summary of an encyclopedia. "Big" <wink>.
Hey, you're right. Maybe, by "simple question" I meant "short question", not necessarily easy to answer at all. :-) For the sysadmin's POV, I think it should be formulated like: If I install Zope, and I don't have the time to become a Zope guru, what are the newly accumulated risks for my system, if I use the default installation? The biggest fear would probably be a number of known exploits, and Joe Hacker just has to download some of "those tools", and the system is open. It appears that at least *that* is not the case. I think the answers given on the list were quite useful, thanks to you all! cheers - chris p.s.: sendmail? ssh? Python? Security exploits are discussed in the bugtraq list. I can find them all in the list archive. What about Zope? It is not in bugtraq. -- Christian Tismer :^) <mailto:tismer@tismer.com> Mission Impossible 5oftware : Have a break! Take a ride on Python's Johannes-Niemeyer-Weg 9a : *Starship* http://starship.python.net/ 14109 Berlin : PGP key -> http://wwwkeys.pgp.net/ work +49 30 89 09 53 34 home +49 30 802 86 56 pager +49 173 24 18 776 PGP 0x57F3BF04 9064 F4E1 D754 C2FF 1619 305B C09C 5A3B 57F3 BF04 whom do you want to sponsor today? http://www.stackless.com/