[Zope-dev] Re: Python2.4 Security Audit ETA???
Christian Theune
ct at gocept.com
Fri Dec 2 10:17:00 EST 2005
Hi,
Am Freitag, den 02.12.2005, 10:03 -0500 schrieb Jim Fulton:
> Christian Theune wrote:
> > Am Mittwoch, den 30.11.2005, 15:52 +0100 schrieb Philipp von
> > Weitershausen:
> >>>From where I'm standing, with Zope 2.8.4 it's as safe as with Zope 2.9
> >>(which actually *requires* Python 2.4...) So it is really just a label
> >>we put on the 2.8 and 2.9 branches, in terms of the relevant code base
> >>they're the same...
> >
> >
> > Statements like that are *dangerous*. The label is all that it is about.
> > It is against the possibility that although the likely relevant code
> > base is the same, there might be some minor minor minor switch that
> > makes everything burn.
>
> I really can't figure out what your saying.
Sorry. See my response a couple of lines downwards.
> What Andreas is saying is that Python 2.4 still isn't supported
> for Zope 2.8. This is different from a statement about a security
> audit. The security audit evaluated and addressed issues arising
> from a change from Python 2.3 to python 2.4. Zope 2.8.4 reflects
> this. We still choose not to support Python 2.4 for Zope 2.8 because
> there hasn't been any sort of test release cycle for Zope 2.8 with
> Python 2.4. Zope 2.9 will go through such a cycle which will give us
> at least some consequence.
If I didn't miss anything, neither an audit has happend for Zope 2.8
with Python 2.4, nor did we make it a supported platform.
IMHO it is dangerous to call it "just a label" that we apply. If the
audit was performed, then I'll shut up immediately. I just think that it
can happen more easily that someone picks up "that's *just* a label" and
will ignore recommendations in the future.
If that happens those ignoring the recommendations can of course not
blame us, but it creates more trouble than necessary.
Just my 0.02 EUR ...
Christian
--
gocept gmbh & co. kg - schalaunische str. 6 - 06366 koethen - germany
www.gocept.com - ct at gocept.com - phone +49 3496 30 99 112 -
fax +49 3496 30 99 118 - zope and plone consulting and development
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mail.zope.org/pipermail/zope-dev/attachments/20051202/66ca408f/attachment.bin
More information about the Zope-Dev
mailing list