[Zope-dev] 2.9.4? reStructuredText support?

Jim Fulton jim at zope.com
Sat Jul 8 10:16:30 EDT 2006


On Jul 8, 2006, at 10:09 AM, Andreas Jung wrote:

> --On 8. Juli 2006 09:53:47 -0400 Jim Fulton <jim at zope.com> wrote:
...
>>>> Tres came up with this sledge hammer because he has no confidence
>>>> in people's willingness to test and implement this feature  
>>>> properly.
>>>
>>> I am fine with the sledge-hammer. I've never claimed that we need
>>> to support file insertion and raw support in any way. We don't
>>> need, we can kick it.
>>> But removing or disabling a feature because we are possibly
>>> incompetent would be just ridiculous.
>>
>> I can live with the sledge hammer for Zope 2.  All I ask for is  
>> tests.
>>
>> If there are tests for each way of invoking reST through the web that
>> verifies that file-inclusion isn't enabled, then it's alright with me if
>> the sledge hammer is used to make the tests pass.  I won't tolerate an
>> untested feature with so much security risk.
>
> Yes, someone has to write the tests at some time, soon.

Right. Before 2.10.

> As I pointed out the risk is minimal for Zope-apps because you need
> to have access to the ZMI.

No, it's not.  Getting at arbitrary files is not acceptable from the ZMI.

> So what are the security concerns in this case? File inclusion
> won't work if the related code is stripped off...so what are your
> security concerns in this case?

I am concerned by the lack of tests.  Whoever created the last hot fix
was sure the problem was fixed.  They were wrong and we're paying the price.

>>
>> I'll also note that the sledgehammer might not itself be safe in the
>> presence of the various reload products for Zope 3.  Would Tres' patch
>> be defeated by reloading docutils.parsers.rst.directives.misc?  Is there
>> a chance that a reload product could reload this module and undo the
>> fix?  I dunno.  It is worrisome.
>
>> You seem to be the only one championing TTW reST?
>
> I am only a champion against crude removal of features and against
> a shortsighted perception.

That doesn't deserve an answer.

>> Are you unwilling to write the tests necessary to keep it?
>
> This is really not the point. As release manager I am allowed to
> speak up. But that does not imply I have to fix all and everything.

Yes, it really is the point. We've had a serious security failure due
to a lack of adequate testing.  This is not acceptable.

Jim

--
Jim Fulton			mailto:jim at zope.com		Python Powered!
CTO 				(540) 361-1714			http://www.python.org
Zope Corporation	http://www.zope.com		http://www.zope.org
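The worry raised above, that a reload product could re-import docutils.parsers.rst.directives.misc and silently undo a monkey-patch that disables the file-reading directive, can be shown on a small stand-in. The following is an added example, not code from the thread or from Zope/docutils: it builds a throwaway module (a constructed stand-in with a directive registry whose "include" reads a file), applies a patch-style disable to it, reloads it with importlib.reload, and reports whether the check still passes. Whether docutils itself is affected in exactly this way is an assumption this example does not settle; what it does show is the kind of assertion a test suite needs to make after any reload rather than trusting the patch.

```python
"""Added example: a monkey-patch that disables a directive does not survive
importlib.reload of the patched module.  Uses a constructed stand-in module,
not docutils.
"""
import importlib
import os
import sys
import tempfile

# Constructed stand-in for a directives module: a registry mapping directive
# names to handlers, where "include" reads an arbitrary file from disk.
STANDIN_SOURCE = '''
def include(path):
    with open(path) as f:
        return f.read()

DIRECTIVES = {"include": include}
'''


def load_standin():
    """Write the stand-in module to a temp dir and import it (hypothetical name)."""
    tmpdir = tempfile.mkdtemp()
    with open(os.path.join(tmpdir, "standin_misc.py"), "w") as f:
        f.write(STANDIN_SOURCE)
    sys.path.insert(0, tmpdir)
    return importlib.import_module("standin_misc")


def apply_sledgehammer(mod):
    """Disable the file-reading directive by rebinding it in the module,
    the way a hotfix monkey-patch would."""
    def disabled(path):
        raise RuntimeError('"include" directive is disabled')
    mod.include = disabled
    mod.DIRECTIVES["include"] = disabled


def include_is_disabled(mod):
    """The assertion a test should make: invoking "include" must refuse to read.
    Returns True only if the directive raises instead of returning file content."""
    try:
        mod.DIRECTIVES["include"](mod.__file__)
    except RuntimeError:
        return True
    return False


def demo():
    """Returns (before_patch, after_patch, after_reload) as booleans."""
    mod = load_standin()
    before = include_is_disabled(mod)   # False: the default reads files
    apply_sledgehammer(mod)
    patched = include_is_disabled(mod)  # True: patch in effect
    importlib.reload(mod)               # what a reload product would do
    after = include_is_disabled(mod)    # False: the reload undid the patch
    return before, patched, after


if __name__ == "__main__":
    print(demo())
```

The practical consequence for the tests Jim asks for: a check that runs once at import time proves nothing about the state after a reload, so the test suite should invoke the directive through the same path the web uses and assert on the refusal, and a reload-aware deployment should re-run that assertion (or re-apply the disable) after every reload.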