Christian Tismer wrote:
If you compare Zope's bug paranoia with Python's, would you say Zope is a bit less concerned, or there are not enough people being concerned to get things resolved?
I don't really know, I don't follow Python all that closely. Though due to cgi.py's usage of tempfile.py I set my TMPDIR to a directory only writable by my Zope process owner, and I don't see that changing until Python 2.3, though I haven't read over the rewrite.
Why I'm asking is simply because I'm concerned that there are no bugtraq entries for Zope, and I don't buy that this comes from Zope being bug-free.
I don't think there are that many people actively auditing the source. All the bugs I've found haven't come from me looking for a way to do something malicious, they've come from me noticing bizarre behavior while trying to get something to work and just following up on it.
Maybe not enough people care about this, but if the hackers also don't care, why should I :-)
I don't know, why should you? I care because it used to be my job to care, now I can't seem to let the mentality go.

--
Jamie Heilman http://audible.transient.net/~jamie/
"Most people wouldn't know music if it came up and bit them on the ass." -Frank Zappa