[Zope3-Users] Security alert: use of Through-the-Web
reStructuredText
David Pratt
fairwinds at eastlink.ca
Wed Jul 19 09:12:07 EDT 2006
Benji York wrote:
> David Pratt wrote:
>> What about the idea of maintaining a text file in the distribution
>> specific to possible security issues. Is this worth considering for
>> historical purposes so they do not get lost over time or implicitly
>> understood by only a handful of people.
>
> Exactly. Any package that needs security-related things verified should
> have a test (doctest in a text file) describing the problem and
> verifying that it has been fixed.
>
> I don't think we want a single file to hold them though, tests
> (including these) should normally live near the package that they test.
Ok this all makes perfect sense. The doctest is the right place for this
for sure. Just took me a while to see that everthing was already there
to deal with this as consistently as all other parts of zope3. It's all
good :-)
Regards,
David
More information about the Zope3-users
mailing list