Robert Segall wrote:
Sorry Chris, but that is NOT how security works: you have to take seriously any issue, no matter how unpleasant the manner in which it was raised.
Find the part where I mentioned security ;-)
The issues raised by Jamie are legitimate, and they should be (eventually) dealt with. What the priority is I am not really sure - I doubt Zope will ever be a good idea in a truly high security environment. This is not a negative remark on the Zope development, but rather a reflection on any highly complex system.
Indeed. My comment is aimed to drive home the point about open source. If you want to get stuff fixed, try and be nice about it, and be helpful. Then the people are more inclined to help, rather than just ignoring the issues as the vitriol of the terminally infantile... ...and, as you point out, ignoring real security issues is a "bad thing".
seen). All in all it is your decision what you want to do about them, but you should at least be aware of their existence; dismissing them because they were pointed out in an impolite manner is not the answer.
I certainly didn't dismiss them, I see them as serious problems, but I don't personally have the time/knowledge to fix them andthe style in which they are presented means those who do have the time/knowledge aren't likely to fix them... Chris