On Jul 8, 2006, at 3:06 PM, Andreas Jung wrote:
No, it is not. I haven't worked on the hotfix...so why would it be up to me write tests?
It's not. The person who *did* write the hot-fix didn't want the feature in the first place. Tres stepped up and helped us in an emergency. I imagine that he isn't signing up to maintaint the feature.
When you talk of "the feature"...you mean file inclusion? This feature was not supposed to be there. It was never a goal of reST to provide this feature. So Tres' solution (removing the code) is perfectly fine.
No, the feature I'm talking about is TTW reST. Because reST has a feature that has to be turned off to be secure when processing text from untrusted users, it requires special care.
There are a lot of modules where we don't want to take over the maintainer. The important thing is that we have clever ppl who understand the code and can deal with such problems in such a case.
We need a better chain of responsibility than that, especially when there is a known security thread.
See above...it's not a question of general responsibility...it's a question of taking over the responsibility for a particular problem in particular situation...of course maintainers for modules are highly welcome...things are as they are in the Zope 2 world...
I don't agree. Our current approach isn't working. Jim -- Jim Fulton mailto:jim@zope.com Python Powered! CTO (540) 361-1714 http://www.python.org Zope Corporation http://www.zope.com http://www.zope.org