[Zope] still bad perception of Zope about security

kosh@aesaeion.com kosh@aesaeion.com
Tue, 26 Jun 2001 00:32:10 -0600 (MDT)


I think the simple answer is that your ISP is feeding you BS hoping you
won't know it for what it is. I have seen this in many different areas in
computing. Someone doesn't truly want to find the answer so they just say
the product foo which you named has security, scalability or stability
problems and sometimes all 3.

If you want check securityfocus yourself. There is nothing bad there about
zope. There have been a number of comments though about how fast zope has
fixed issues that were really minor overall. Almost every single zope
security issue so far was found by a programmer and fixed at the same
time. What this means is that nearly every single zope security problem
for the last year or more have been fixed the same day they were found and
generally have been announced at nearly the same time the patch is
announced.

ISPs are just afraid of something different I don't think it is that they
don't trust zope. It is that they don't know it.

Designing the webpages of tomorrow http://webme-eng.com
Designing the MMORPGS of tomorrow http://worldforge.org

On Mon, 25 Jun 2001, Jerome Alet wrote:

> Hi,
>
> I've just asked to an ISP of a website I maintain if he planned to provide
> Zope hosting in a near future.
>
> The answer was basically:
>
> ... Maybe but not yet, because there are still important security problems
> with Zope, according to securityfocus ... We can do that on dedicated
> servers but not on shared ones...
>
> So I've told him that no exploit was known, according to this mailing list
> and the recent thread on this subject, and that it was probably because DC
> takes security with care and often announce security problems as big
> threats even if there's a very small chance for them to be exploited.
>
> However I'm sure he will not be convinced by such a short reply.
>
> So I think something has to be done to restore Zope confidence around
> ISPs, but unfortunately I don't know what.
>
> bye,
>
> Jerome Alet
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>