Hi Brian, Brian Lloyd wrote: > As the person who unfailingly gets flamed no matter which way the > decisions leans :), I think we are probably at a point where we > should have an official, documented and community-agreed-to policy > on how these kinds of things will be handled.
My intent was not flaming anyone... Sorry for that. I just tried to take the voice of the "average" Zope-Admin (installs Zope from a recent stable release, waits for the security-maintainers of distros to get security patches etc.). > At a minimum, having a clear and documented policy would provide > the benefit of 'no surprises' - if you disagree with the policy, > or some aspect of it, you would at least be able to plan around it. Very good idea...:) If all Zope-Admins can read before an installation: "Security exploits will be exposed to the public as soon as they're resolved in the CVS" everyone will & should run Zope out of CVS. My point was: Give people a chance to react on exposed security flaws. The statement above will do that because people should be prepared...:) Cheers, Maik _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )