[Zope-dev] RE: Resolved security-related collector issues for
thepublic?
Maik Jablonski
maik.jablonski at uni-bielefeld.de
Thu Jan 22 03:07:08 EST 2004
Hi Brian,
Brian Lloyd wrote:
> As the person who unfailingly gets flamed no matter which way the
> decisions leans :), I think we are probably at a point where we
> should have an official, documented and community-agreed-to policy
> on how these kinds of things will be handled.
My intent was not flaming anyone... Sorry for that. I just tried to take the
voice of the "average" Zope-Admin (installs Zope from a recent stable
release, waits for the security-maintainers of distros to get security
patches etc.).
> At a minimum, having a clear and documented policy would provide
> the benefit of 'no surprises' - if you disagree with the policy,
> or some aspect of it, you would at least be able to plan around it.
Very good idea...:) If all Zope-Admins can read before an installation:
"Security exploits will be exposed to the public as soon as they're
resolved in the CVS" everyone will & should run Zope out of CVS.
My point was: Give people a chance to react on exposed security flaws. The
statement above will do that because people should be prepared...:)
Cheers, Maik
More information about the Zope-Dev
mailing list