On Fri, 17 Sep 1999, Michel Pelletier wrote:
I would like to take this opertunity to remind everyone that PRIVATELY informing us of 'showstopper' security bugs is just good netiquette. This gives us an opportunity not only to analyze the problem and provide a quick fix (after all, it could just be *your* problem, and you'd be 'crying wolf'), it also prevents the widespread distribution of exploits before we have a chance to control the situation.
And I'll take this opportunity to apologize for blabbing about this to the main list. At the time it occurred, I had no idea that it was a general Zope problem; I assumed it was a permission problem in the site setup. In fact, I didn't even expect the thing I tried to do what it did. Certainly I never intended to disrupt the Zope website. If I had thought at the time that it was a hole in Zope itself, I think I would have done things differently, but hindsight is 20/20. My bad, sorry. :( -- andy dustman | programmer/analyst | comstar.net, inc. telephone: 770.485.6025 / 706.549.7689 | icq: 32922760 | pgp: 0xc72f3f1d