Maik Jablonski wrote at 2004-1-21 23:42 +0100:
> ...
>If we don't have a easy-to-install-security-fix for such people (or a so
>called "stable" release, which works out of the box) we should a little
>bit cautious about releasing exploits. That's my point...
Almost all the issues covered by Zope
On Wed, 21 Jan 2004 16:16:15 -0800
Jamie Heilman <[EMAIL PROTECTED]> wrote:
> Maik Jablonski wrote:
> > There are many admins / users out there who aren't able to do this
> > (maybe they should learn it, but that's another point). Installing
> > Zope 2.6.3 was a big mess (even renaming in the ZMI
>>> Jamie Heilman wrote
> Given that ZC clearly doesn't have the resources available to do (a),
> irrespective of if its even technically feasible, we can rule it out.
> And (b), well (b) just screws everybody. Exploits are a byproduct of
> understanding the vulnerability, they're a natural part
Maik Jablonski wrote:
> There are many admins / users out there who aren't able to do this
> (maybe they should learn it, but that's another point). Installing Zope
> 2.6.3 was a big mess (even renaming in the ZMI was broken) and most
> people rolled back to 2.6.2. Some people run even 2.5.1 (lo
Hi Jamie,
Jamie Heilman wrote:
Hiding the bugs doesn't avoid anything, it just leaves zope
administrators helpless in the dark.
...
> How exactly was ZC
supposed to release a new version of Zope with the fixes but at the
same time not divulge the nature of the security flaws? Release an
obsfucate