[Zope-dev] Re: Was: Re: 2.7.3 beta attribute permission problems

Andreas Jung lists at andreas-jung.com
Fri Oct 22 12:10:26 EDT 2004



--On Freitag, 22. Oktober 2004 8:38 Uhr -0400 Tres Seaver 
<tseaver at zope.com> wrote:

> Andreas Jung wrote:
>
>> how severe is the problem that you have fixed? According to some
>> rumors the fix seems to break applications. The question for Zope
>> 2.7.3 final is: is the problem severe enough to have it fixed for
>> 2.7.3 with the risk of causing trouble with broken applications or
>> can we defer the fix to Zope 2.8?
>
> -1.
>
> I have yet to get a reproducible test case (one which breaks on 2.7-head
> but works on 2.7.2) from the examples folks have supplied.  The bug which
> I was fixing is a security issue, reported against CMF, but also
> affecting Zope:  http://zope.org/Collectors/CMF/259
>
> Given that the change was required to implement a security fix, and
> without a reproducible test case for the reported breakage, I don't think
> we can credit the rumors.  We *definitely* don't want to defer the
> security fix.
>
> I will ask Jim to review this with me today.
>

I am not against the patch...I just need to know what the state of this 
issue is and what its
implications are for the final 2.7.3 release :-)

Andreas


More information about the Zope-Dev mailing list