Re: [Zope-dev] Zope 2.13 - next steps
On Sat, Jun 12, 2010 at 9:29 PM, David Glick <davidglick@groundwire.org> wrote:
Has the process of reviewing RestrictedPython against a new Python release been documented anywhere?
Not that I know of. Stephan Richter and Sidnei da Silva were the last to do these reviews, maybe they know. Hanno
On 2010-06-13, at 1348, Hanno Schlichting wrote:
On Sat, Jun 12, 2010 at 9:29 PM, David Glick <davidglick@groundwire.org> wrote:
Has the process of reviewing RestrictedPython against a new Python release been documented anywhere?
Not that I know of. Stephan Richter and Sidnei da Silva were the last to do these reviews, maybe they know.
There was talk of having a BoF at a conference or similar about the process of doing the RestrictedPython security audits, to make sure it doesn't become an arcane lost skill, any chance this could happen at PloneConf2010? Matt
On Sunday, June 13, 2010, Hanno Schlichting wrote:
On Sat, Jun 12, 2010 at 9:29 PM, David Glick <davidglick@groundwire.org> wrote:
Has the process of reviewing RestrictedPython against a new Python release been documented anywhere?
Not that I know of. Stephan Richter and Sidnei da Silva were the last to do these reviews, maybe they know.
There is no process really. You have to go through the changes in Python 2.7 and detect API changes in the C code to see whether any op-codes changed or a new API opens up some unwanted access. Regards, Stephan -- Entrepreneur and Software Geek Google me. "Zope Stephan Richter"
participants (3)
-
Hanno Schlichting -
Matthew Wilkes -
Stephan Richter