[Zope-dev] 2.9.4? reStructuredText support?

Jim Fulton jim at zope.com
Sat Jul 8 07:45:01 EDT 2006


On Jul 8, 2006, at 1:11 AM, Andreas Jung wrote:

>
>
> --On 7 July 2006 11:03:06 -0400 Jim Fulton <jim at zope.com> wrote:
>
>>
>> I think we should do a 2.9.4 release to incorporate the recent hot fix.
>> This is easy for me to say, since I won't be doing it. :)
>>
>> Because this recent fix actually fixed the same problem that the
>> previous hot fix was supposed to fix, I think someone needs to work up
>> some decent tests.  This is not a trivial task, but it is necessary.  If
>> no one is willing to do this, I think we need to drop the TTW
>> reStructuredText support from Zope 2, as it is too great a risk.
>>
>
> Dropping TTW reST is absolutely not an option. It breaks backward
> compatibility.

Sorry, security trumps backward compatibility.


>> BTW, I suspect that a less violent patch could be created, if
>> anyone wants to champion TTW reStructuredText support in
>> Zope 2.  Personally, I'm for dropping it.
>
> Tres' patch is looking fine to me. I don't see a need right now
> for dropping reST with having file inclusion *removed*.

Has anyone written tests for Tres' patch?  Apparently no one wrote
adequate tests for the last hot fix, which helped put us in this
situation.

I'm not opposed to keeping TTW reST if *someone takes responsibility*
for it.  I don't see this happening.  If someone cares enough about TTW reST
to stand behind it and properly address the security risks by writing tests,
then great.  Otherwise it has to go.

I also think Tres' patch was the right emergency measure, but I'm not
so sure it is the right long-term fix.  It reflects a sorry, but perhaps sadly
accurate, view of the community's commitment to quality. :(

Jim

--
Jim Fulton			mailto:jim at zope.com		Python Powered!
CTO 				(540) 361-1714			http://www.python.org
Zope Corporation	http://www.zope.com		http://www.zope.org




