[Zope-dev] Plans for Zope 2.12

Lennart Regebro regebro at gmail.com
Sun Feb 1 15:03:00 EST 2009


On Thu, Jan 22, 2009 at 10:38, Chris Withers <chris at simplistix.co.uk> wrote:
>> Note that Jim never explained to me how he does these audits, but I gathered
>> some methods he used in conversations. I think I did a pretty thorough job
>> during the review.
>
> Yeah, this disturbs me a lot still though :-S

I know the feeling. :) I completely trust that Stephan did a good job
if he thinks he did, but I would be happy if we could gather a bunch
of smart people to spread the knowledge. Maybe a security review
sprint at PyCon, or somesuch? I'd like to hang in a corner and suck up
the smartness. :)

Or, I'd love to help in a sprint to move to security proxies. It's a
major job of course, and the minimal job is to make proxies that
replicate the current very complex and idiosyncratic Zope2 security.
At least such a sprint should be able to locate any big problems and
"impossibilities" so we can think of a path to fix that.

-- 
Lennart Regebro: Zope and Plone consulting.
http://www.colliberty.com/
+33 661 58 14 64

