[Zope-Coders] Question on zope-collector-monitor group

Ken Manheimer klm@zope.com
Sat, 26 Jan 2002 18:06:08 -0500 (EST)


On Fri, 25 Jan 2002, Chris Withers wrote:

> "Collector: Zope Bugs and Patches ..." wrote:
> > 
> > Issue #173 Update (Request) "Zope doesn't change supplementary groups when run as root with -u option"
> >  ** Security Related ** (Confidential)
> 
> Is this group joinable by anyone?
> 
> If so, then confidential security postings shouldn't go to it.

They're not supposed to.  I'm using a collector feature that lets you 
designate destinations for notifications according to issue state - and I 
was not sending the confidential-state messages to the list.  Alas, I had 
slipped a bug in the code, so pending_confidential messages were being 
sent to pending addresses.  I've fixed that, and _should_ have updated the 
unit tests, if I had unit tests for the collector.  There's a moral here, 
somewhere.-(

Thanks for bringing my attention to the problem!

-- 
Ken
klm@zope.com
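
The failure described in this message, a confidential-state notification reaching the addresses of a public list, is the kind of regression a routing invariant test catches. The following is an added example, not the collector's code or the author's: the route table, the addresses, the `accepted` states and all function names are hypothetical, and only the `pending` and `pending_confidential` state names come from the message.

```python
# Hypothetical state-to-recipient routing. Names and addresses are constructed
# for illustration and are not taken from the Zope collector.
PUBLIC_LISTS = {"collector-monitor@lists.example.org"}

ROUTES = {
    "pending": {"collector-monitor@lists.example.org", "supporters@example.org"},
    "accepted": {"collector-monitor@lists.example.org", "supporters@example.org"},
    "pending_confidential": {"security-team@example.org"},
    "accepted_confidential": {"security-team@example.org"},
}


def is_confidential(state):
    """A state is confidential if it carries the _confidential suffix."""
    return state.endswith("_confidential")


def recipients_for(state, routes=ROUTES):
    """Return recipients for exactly this state; unknown states get nobody.

    Lookup is by exact key, with no fallback to a base state such as
    'pending', so a missing confidential entry fails closed.
    """
    return set(routes.get(state, ()))


def leaking_states(routes=ROUTES, public=PUBLIC_LISTS):
    """List confidential states whose recipients include a public address."""
    return sorted(
        state for state in routes
        if is_confidential(state) and recipients_for(state, routes) & public
    )


def check_routes(routes=ROUTES, public=PUBLIC_LISTS):
    """Raise if any confidential state would notify a public list."""
    leaks = leaking_states(routes, public)
    if leaks:
        raise ValueError("confidential states routed to public lists: %s" % leaks)
    return True
```

Running `check_routes()` in the test suite and again whenever the route table is loaded turns a misrouted confidential state into a hard failure before any mail is sent.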