[Zope3-dev] Excessive long traceback info in TALES

Chris McDonough chrism@zope.com
10 Dec 2002 13:54:47 -0500


I'd hate to see the "end user vs. developer" paradigm indecision form
roots in Zope 3, and since we've claimed that Zope 3 is for developers,
and because end users won't be able to make any sense out of the
traceback anyway, it should probably just log the full traceback
(including filenames) and never ever output it to the browser.

On Tue, 2002-12-10 at 13:39, Barry A. Warsaw wrote:
> 
> >>>>> "BL" == Brian Lloyd <brian@zope.com> writes:
> 
>     BL> FWIW, keeping filenames out of tracebacks was a fairly strong
>     BL> goal of the traceback hackery we've done thus far. It was done
>     BL> in response to numerous recurring "security-related bug
>     BL> reports", with people feeling that any disclosure of filenames
>     BL> is bad. While one can argue that point, we've had people in
>     BL> the past willing to post this as a "security issue" on public
>     BL> security-related sites, and it's really not a good use of time
>     BL> trying to fight that sort of PR battle.
> 
> It's clear that there are at least two audiences for these tracebacks,
> the end user and the developer.  Developers are going to find Pythonic
> tracebacks much easier to read, so they should be enabled in the cvs.
> But official Zope releases should ship with end-user tracebacks
> enabled.
> 
> -Barry
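
The approach proposed in the top message (log the full traceback, filenames included, and send none of it to the browser), as an added example that is not part of the thread or of Zope's own code. It is sketched as generic WSGI middleware rather than Zope 3's publisher; the names `HideTracebacks`, `failing_app` and `demo`, the sample path, and the reference id that links the response to the log entry are all assumptions made for illustration.

```python
import io
import logging
import sys
import uuid


class HideTracebacks:
    """WSGI middleware: full traceback to the server log, generic page to the client."""

    def __init__(self, app, logger):
        self.app, self.logger = app, logger

    def __call__(self, environ, start_response):
        try:
            result = self.app(environ, start_response)
            try:
                # Consume the body here so errors raised during iteration are caught too.
                return list(result)
            finally:
                if hasattr(result, "close"):
                    result.close()
        except Exception:
            ref = uuid.uuid4().hex[:12]  # opaque id (assumption): ties response to log entry
            # logger.exception records the complete traceback, filenames included.
            self.logger.exception("unhandled error ref=%s path=%s",
                                  ref, environ.get("PATH_INFO", ""))
            body = ("Internal error. Reference: %s\n" % ref).encode("ascii")
            # Passing exc_info lets the server replace headers the app had already set.
            start_response("500 Internal Server Error",
                           [("Content-Type", "text/plain; charset=ascii"),
                            ("Content-Length", str(len(body)))],
                           sys.exc_info())
            return [body]


def failing_app(environ, start_response):
    """Constructed sample application whose error message contains a file path."""
    raise ValueError("cannot open /srv/app/secret/config.ini")


def demo():
    """Send one request through the middleware; return (status, body, log text)."""
    buf = io.StringIO()
    logger = logging.Logger("demo")  # standalone logger writing to an in-memory buffer
    logger.addHandler(logging.StreamHandler(buf))
    seen = {}
    sr = lambda status, headers, exc_info=None: seen.update(status=status)
    body = b"".join(HideTracebacks(failing_app, logger)({"PATH_INFO": "/page"}, sr))
    return seen["status"], body.decode("ascii"), buf.getvalue()
```
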