Andreas Jung wrote at 2006-7-8 14:12 +0200:
... removing TTW reST ...
[Andreas]
In addition I don't see a big problem for Zope-only(!) apps.
Of course, you must also consider applications built on top of Zope -- such as "ZWiki" and "Plone". They, too, need to be protected. [Jim] ... retain only when someone takes responsibility ...
Otherwise it has to go.
[Andreas]
No :-)
This, time I am on your side, Andreas :-) I agree with you that a feature ("file/url" inclusion code) physically removed from the shipped code can be considered no longer causing security risks -- even without extensive tests. I also agree with you, that this is preferable to dropping "reST" altogether (despite the fact, that I personnally do not use it). Of course, an artistically set Python path could cause Python's docutils to be used -- but hey, that's then a locally caused problem. -- Dieter