[Zope3-Users] Security alert: use of Through-the-Web reStructuredText

Benji York benji at zope.com
Wed Jul 19 08:47:48 EDT 2006


David Pratt wrote:
> What about the idea of maintaining a text file in 
> the distribution specific to possible security issues. Is this worth 
> considering for historical purposes so they do not get lost over time or 
> implicitly understood by only a handful of people.

Exactly.  Any package that needs security-related things verified should 
have a test (doctest in a text file) describing the problem and 
verifying that it has been fixed.

I don't think we want a single file to hold them though, tests 
(including these) should normally live near the package that they test.
-- 
Benji York
Senior Software Engineer
Zope Corporation


More information about the Zope3-users mailing list