[Zope3-Users] Security alert: use of Through-the-Web
reStructuredText
Jim Fulton
jim at zope.com
Wed Jul 19 10:09:37 EDT 2006
On Jul 19, 2006, at 8:35 AM, David Pratt wrote:
> Benji York wrote:
>> David Pratt wrote:
>>> You are probably right but just the same I'd rather see the
>>> patched version for z3 also since I am certain this will become
>>> less obvious over time if it is left the way it is.
>> Instead of maintaining a fork of docutils, Zope 3 should (and may
>> already, I haven't been keeping up with this issue) include tests
>> to make sure we're using docutils appropriately. Best of both
>> worlds: we have continued assurance we don't regress, and we don't
>> have to maintain a fork/patches.
>
> Hi Benji. Fair enough. What about the idea of maintaining a text
> file in the distribution specific to possible security issues. Is
> this worth considering for historical purposes so they do not get
> lost over time or implicitly understood by only a handful of
> people. Many thanks.
Docutils already provides such a document. It's there documenation.
Whoever made reST available TTW didn't read it. Providing another
document that people won't read won't help the situation. Whenever
we reuse 3rd-party code or write, we need be aware of security issues.
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
More information about the Zope3-users
mailing list