[Zope] Request regarding 'Hotfixes'

Bill Anderson anderson@hp.com
23 Aug 2001 13:20:22 -0600


I would like to ask that people developing patches to Zope that use the
same method as ZC Hotfixes _NOT_ call them Hotfixes. It is confusing and
misleading, and is causing a bit of a stir around here.

Hotfixes should be reserved to ZC fixes to Zope security issues. This is
the origin of the use in Zope, and many have already associated a Zope
Hotfix with a security fix.

Additionally, to those who review announcements/products on Zope.org for
publication, could you _please_ not approve those that call themselves
Hotfixes, unless of course they come from ZC? I have had a number of
people come to me and ask just what security problem there is with Image
tags, as a result of the recent Imagetag 'hotfix' announcement on
zope.org.

It is very important for the distinction to be made. Consider the new
reporter, who has seen ZC/DC issue security fixes, labelling them
Hotfixes. Now imagine what happens when they see a list of fifteen,
twenty, thirty 'hotfixes', what are they going to assume? Yes, we would
hope they would do some research, though we _know_ that in many cases
they will not.
Next thing you know, Zope has twenty or thirty security exploits you
need to fix. We do not need this.

Anyway, just thought I would relay that. When I tell people these are
not issues, I then get questioned as to why they are labelled as
Hotfixes. Unfortunately, I do not have kind words with respect to the
announcement/author's naming choice to reply to that with.

The-road-to-a-bad-reputation-is-paved-with-mislabelled-hotfixes-ly y'rs
Bill Anderson