[Zope3-Users] Security alert: use of Through-the-Web
reStructuredText
David Pratt
fairwinds at eastlink.ca
Wed Jul 19 08:35:08 EDT 2006
Benji York wrote:
> David Pratt wrote:
>> You are probably right but just the same I'd rather see the patched
>> version for z3 also since I am certain this will become less obvious
>> over time if it is left the way it is.
>
> Instead of maintaining a fork of docutils, Zope 3 should (and may
> already, I haven't been keeping up with this issue) include tests to
> make sure we're using docutils appropriately. Best of both worlds: we
> have continued assurance we don't regress, and we don't have to maintain
> a fork/patches.
Hi Benji. Fair enough. What about the idea of maintaining a text file in
the distribution specific to possible security issues. Is this worth
considering for historical purposes so they do not get lost over time or
implicitly understood by only a handful of people. Many thanks.
Regards,
David
More information about the Zope3-users
mailing list