[Zope3-Users] Security alert: use of Through-the-Web
reStructuredText
David Pratt
fairwinds at eastlink.ca
Wed Jul 19 08:12:36 EDT 2006
Jim Fulton wrote:
>
> On Jul 18, 2006, at 2:55 PM, David Pratt wrote:
>
>> Hi Jim. I was noticing a 0.4.0-zope in distutils
>
> I don't know what you mean by this.
>
>> that looks patched with NotImplementedErrors for the offending code
>> in docutils.parsers.rst.directives.misc. Can you when this will land
>> in the Zope3 trunk?
Hi Jim.
Yes, I mean docutils, sorry.
>
> If you mean patching the docutils, then as far as I'm concerned, it will
> never land in the Zope 3 trunk.
>
> The right solution to this problem is to write applications that use
> docutils correctly, not to patch docutils.
You are probably right but just the same I'd rather see the patched
version for z3 also since I am certain this will become less obvious
over time if it is left the way it is.
Alternatively, perhaps a text file for these security issues could be
included in the distribution so it is not forgotten with any
recommendations for a programmer to avoid known security issues.
Regards,
David
More information about the Zope3-users
mailing list