[Zope-dev] 2.9.4? reStructuredText support?

Andreas Jung lists at zopyx.com
Sat Jul 8 10:41:46 EDT 2006 


--On 8. Juli 2006 10:16:30 -0400 Jim Fulton <jim at zope.com> wrote:
>>
>> Yes, someone has to write the tests at some time, soon.
>
> Right. Before 2.10.

...so we have some time...

>
>> As I pointed out the risk is minimal for Zope-apps because you need
>> to have access to the ZMI..
>
> No, it's not.  Getting at arbitrary files is not acceptable from the  ZMI.

...which won't be possible with *removed* file inclusion code...

>> so what are security concerns in this case? And file inclusion
>> won't work if the related code is stripped off...so what are your
>> security concerns in this case?
>
> I am concerned by the lack of tests.  Whoever created the last hot  fix
> was sure the problem was fixed.  They were wrong and we're paying  the
> price.

This can happen all the time. A problem in the release process does not 
justify the removal of a feature until we tried our best to solve the 
problem. Use the sledge hammer as a last resort.

>>> You seem to be the only one championing TTW reST?
>>
>> I am only champion against crude removal of features and against
>> and a shortsighted preception.
>
> That doesn't deserve an answer.

Sorry for being harsh but the lack of tests after two days is really not
appropriate approach.

>
>>> Are you unwilling  to
>>> write the tests necessary to keep it?
>>
>> This is really not the point. As release manager I am allowed to
>> speak up. But that does not imply I have to fix all and everything.
>
> Yes, it really is the point.

No, it is not. I haven't worked on the hotfix...so why would it be up to me
write tests? I don't want blame Tres...he was doing his best in the 
situation...but this is totally unrelated that I would be unwilling to 
write tests in this case. I would have helped but it was late evening and 
at some point you need some sleep...

Andreas


> We've had a serious security failure due  to
> a lack
> of adequate testing.  This is not acceptable.
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope-dev/attachments/20060708/dd6a1bc4/attachment.bin

More information about the Zope-Dev mailing list