[Zope] Securing Zope
Chris Withers
chrisw at nipltd.com
Thu Sep 25 07:47:33 EDT 2003
Robert Segall wrote:
> Sorry Chris, but that is NOT how security works: you have to take seriously
> any issue, no matter how unpleasant the manner in which it was raised.
Find the part where I mentioned security ;-)
> The issues raised by Jamie are legitimate, and they should be (eventually)
> dealt with. What the priority is I am not really sure - I doubt Zope will
> ever be a good idea in a truly high security environment. This is not a
> negative remark on the Zope development, but rather a reflection on any
> highly complex system.
Indeed. My comment is aimed to drive home the point about open source. If you
want to get stuff fixed, try and be nice about it, and be helpful. Then the
people are more inclined to help, rather than just ignoring the issues as the
vitriol of the terminally infantile...
...and, as you point out, ignoring real security issues is a "bad thing".
> seen). All in all it is your decision what you want to do about them, but you
> should at least be aware of their existence; dismissing them because they
> were pointed out in an impolite manner is not the answer.
I certainly didn't dismiss them, I see them as serious problems, but I don't
personally have the time/knowledge to fix them andthe style in which they are
presented means those who do have the time/knowledge aren't likely to fix them...
Chris
More information about the Zope
mailing list