[Zope-dev] Packaging Zope for Fedora
Marius Gedminas
mgedmin at b4net.lt
Thu Mar 27 14:42:50 EDT 2008
On Wed, Mar 26, 2008 at 09:20:27PM +0100, Dieter Maurer wrote:
> Timothy Selivanow wrote at 2008-3-25 17:12 -0700:
> > ...
> >Now when I say "rip out", I don't mean repackage (make a sub RPM), I
> >mean remove from the RPM that I am making. I don't want to provide a
> >"new" Docutils.
>
> That Zope ships with its own "Docutils" comes from the fact
> that the standard one has a big security hole.
Which one? The one that lets you embed any file on the filesystem into
a web page?
http://docutils.sourceforge.net/docs/howto/security.html
I didn't know Zope's bundled version of docutils fixed that. In any
case, the src/docutils in the Zope 3.2 tree either doesn't have the fix,
or it doesn't work. I tested it and ended up closing that hole in an
application myself.
Marius Gedminas
--
Alan Turing thought about criteria to settle the question of whether
machines can think, a question of which we now know that it is about
as relevant as the question of whether submarines can swim.
-- Dijkstra
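
Added example, not part of the original message and not Zope's or the poster's code: an application that renders untrusted reStructuredText can apply the settings described in the docutils security how-to linked above. The sample file, its marker string and the helper names render/demo are constructed for illustration, and the docutils package is assumed to be installed.

```python
import io
import os
import tempfile

from docutils.core import publish_parts

# Settings from the docutils security how-to: refuse directives that read
# files (include, csv-table :file:, raw :file:) and raw passthrough markup.
HARDENED = {
    "file_insertion_enabled": False,
    "raw_enabled": False,
    "_disable_config": True,   # ignore any docutils.conf on the host
}


def render(rst_source, overrides):
    """Render reST to an HTML fragment; return (html, warnings_text)."""
    warnings = io.StringIO()
    settings = dict(overrides, warning_stream=warnings)
    parts = publish_parts(rst_source, writer_name="html",
                          settings_overrides=settings)
    return parts["html_body"], warnings.getvalue()


def demo():
    """Render one constructed document with default and hardened settings."""
    # Constructed stand-in for a sensitive server-side file.
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("CONSTRUCTED-SECRET-12345\n")
        path = fh.name
    try:
        untrusted = "User text.\n\n.. include:: %s\n" % path
        default_html, _ = render(untrusted, {"_disable_config": True})
        hardened_html, warned = render(untrusted, HARDENED)
    finally:
        os.unlink(path)
    return default_html, hardened_html, warned


if __name__ == "__main__":
    default_html, hardened_html, warned = demo()
    print("default leaks file: ", "CONSTRUCTED-SECRET-12345" in default_html)
    print("hardened leaks file:", "CONSTRUCTED-SECRET-12345" in hardened_html)
    print("reported:", warned.strip())
```

The captured warning text can be logged by the application as a record that a submitted document tried to use a disabled directive.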