Christian Theune wrote:
Hi,
Am Mittwoch, den 30.11.2005, 15:52 +0100 schrieb Philipp von Weitershausen:
Andreas Jung wrote:
Let's say it this way: it's safer than with Zope 2.8.3 but it is still not supported :-)
From where I'm standing, with Zope 2.8.4 it's as safe as with Zope 2.9 (which actually *requires* Python 2.4...) So it is really just a label we put on the 2.8 and 2.9 branches, in terms of the relevant code base they're the same...
Statements like that are *dangerous*. The label is all that it is about. It is against the possibility that although the likely relevant code base is the same, there might be some minor minor minor switch that makes everything burn.
I really can't figure out what your saying.
There are _several_ major linux distributions out there that already ignore this label and shipped Zope with Python 2.4. It's not helpful to argue them out of that if we don't care for the label ourselves.
Python 2.4 is not supported for current production Zopes. This has been clearly stated for some time. We can't prevent people from ignoring this and creating Zope distributions based on an unsupported Python. People who release Zope for unsupported Python releases are doing their users a disservice. In this case, there was a reasonably serious security problem introduced by Python 2.4. What Andreas is saying is that Python 2.4 still isn't supported for Zope 2.8. This is different from a statement about a security audit. The security audit evaluated and addressed issues arising from a change from Python 2.3 to python 2.4. Zope 2.8.4 reflects this. We still choose not to support Python 2.4 for Zope 2.8 because there hasn't been any sort of test release cycle for Zope 2.8 with Python 2.4. Zope 2.9 will go through such a cycle which will give us at least some consequence. Jim -- Jim Fulton mailto:jim@zope.com Python Powered! CTO (540) 361-1714 http://www.python.org Zope Corporation http://www.zope.com http://www.zope.org