[Zope-dev] RFC: 3.4.1 KGS?
Christophe Combelles
ccomb at free.fr
Wed Mar 31 19:00:35 EDT 2010
Sebastien Douche wrote:
> On Wed, Mar 31, 2010 at 14:50, Marius Gedminas <marius at gedmin.as> wrote:
>> Mostly I wanted to know if anybody was using the KGS in production and
>> interested in a point release.
>
> Yes! :)
>
>> I'm especially interested in setuptools 0.6c11, since
>> the KGS currently pins to 0.6c9, which doesn't support Subversion 1.6
>> checkouts.
>
> we use distribute w/o issue.
>
>> We use the 3.4 KGS in production with a few extra pins. Some fix
>> important bugs:
>>
>> zope.app.component = 3.4.2 # very important bugfix for BBB
>> ZODB3 = 3.8.4 # security fixes
>> zope.sendmail = 3.5.1 # This version handles the 5xx errors
>> zope.security = 3.4.2 # bugfixes for Python 2.5
>> setuptools = 0.6c11
>
> our vendor KGS:
>
> lxml = 2.2.2
> tl.eggdeps = 0.4
> transaction = 1.0a1
> z3c.batching = 1.1.0
> z3c.contents = 0.5.0
> z3c.coverage = 1.1.3
> z3c.etestbrowser = 1.3.0
> z3c.evalexception = 2.0
> z3c.i18n = 0.1.1
> z3c.layer.minimal = 1.2.0
> z3c.layer.pagelet = 1.0.1

There is a big security issue on this package. You should update to 1.0.2 as
soon as possible.

1.0.2 (2009-04-03)
---------------------
http://pypi.python.org/pypi/z3c.layer.pagelet/1.0.2

- **Security issue:** The traverser defined for
  ``IPageletBrowserLayer`` was a trusted adapter, so the security
  proxy got removed from each traversed object. Thus all sub-objects
  were publicly accessible, too.

Then have fun fixing all the security declarations. Everything seems easy with
z3c.layer.pagelet 1.0.1

> z3c.profiler = 0.7.1
> z3c.recipe.compattest = 0.11
> z3c.recipe.depgraph = 0.4.0sa1
> z3c.recipe.i18n = 0.5.4
> z3c.recipe.paster = 0.5.0
> z3c.table = 0.6.0
> z3c.testsetup = 0.5.1
> zc.recipe.egg = 1.2.2
> zope.sqlalchemy = 0.4
> zope.testing = 3.8.3sa1
>
> lxml, zope.testing & zope.etestbrowser are the most important update I guess.
>
>> * try to get a 3.4.1 release out of the door <-- this is where I'm
>> fuzzy. I think I used to have ssh access to download.zope.org, but I
>> don't even remember how you're supposed to use zope.release's bin/upload,
>> and I never knew how the releases were made.
>
> it's simple:
> - upload all eggs on the cheeseshop
> - create the controlled-packages.cfg. Example:
> http://download.zope.org/zope3.4/3.4.0/controlled-packages.cfg
> - generate the site with zope.kgs
>
>
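
An added example, not part of the original message and not code from zope.kgs: a small Python check that reads `name = version` pins in the form quoted in this thread and reports any pin below a security floor. The floor for z3c.layer.pagelet is the 1.0.2 fix release named above; treating the ZODB3 pin annotated "security fixes" as a floor, and the function names, are assumptions.

```python
import re

# Floors stated in the thread (fix release, and the pin marked "security fixes").
SECURITY_FLOORS = {"z3c.layer.pagelet": "1.0.2", "ZODB3": "3.8.4"}

# Constructed sample: pins copied from the lists quoted in the thread.
SAMPLE_PINS = """\
ZODB3 = 3.8.4 # security fixes
z3c.layer.pagelet = 1.0.1
zope.testing = 3.8.3sa1
setuptools = 0.6c11
"""

_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:(a|b|c|rc)(\d+))?$")
_PRE_RANK = {"a": 0, "b": 1, "c": 2, "rc": 2}

def version_key(text):
    """Sortable key, or None when this parser cannot order the version."""
    match = _VERSION.match(text)
    if match is None:
        return None  # vendor suffixes such as "3.8.3sa1" need a human
    release = [int(part) for part in match.group(1).split(".")]
    while len(release) > 1 and release[-1] == 0:
        release.pop()  # so that "1.0" and "1.0.0" compare equal
    if match.group(2) is None:
        return (release, 3, 0)  # a final release sorts after pre-releases
    return (release, _PRE_RANK[match.group(2)], int(match.group(3)))

def parse_pins(text):
    """Parse 'name = version  # comment' lines into {name: version}."""
    pins = {}
    for line in text.splitlines():
        name, sep, version = line.split("#", 1)[0].partition("=")
        if sep and version.strip():
            pins[name.strip()] = version.strip()
    return pins

def audit(pins, floors=SECURITY_FLOORS):
    """Return {package: finding} for pins below a floor or not comparable."""
    findings = {}
    for name, floor in floors.items():
        if name not in pins:
            continue  # only pinned packages are checked here
        key = version_key(pins[name])
        if key is None:
            findings[name] = "cannot order %s, check by hand" % pins[name]
        elif key < version_key(floor):
            findings[name] = "%s is below %s" % (pins[name], floor)
    return findings
```

Calling `audit(parse_pins(SAMPLE_PINS))` reports only the z3c.layer.pagelet pin; a pin with a vendor suffix is reported for manual review rather than silently passed.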