Re: [Zope-dev] 2.9.4? reStructuredText support?
On Jul 16, 2006, at 7:29 PM, Richard Jones wrote:

> On Sunday 09 July 2006 22:56, Jim Fulton wrote:
>> Whoever integrated reST didn't even read the documentation, much less the code.
>
> FWIW. The ZReST product was originally released by me around 2002 - before those directives existed. According to the docutils HISTORY file, the directives themselves were added in 2003. The *warning* about them was added in 2004. The configuration to *disable* them appears to have been added in 2005.

Fair enough. This points out that we need to be as vigilant when updating 3rd-party packages as when initially using them. I understand that you didn't upgrade distutils in Zope.

Please understand, and this is directed to everyone in this discussion, it is not my goal to blame individuals. *We* made a mistake and we need to learn from it. We can't learn from mistakes and stop repeating them unless we admit them.

We made a number of mistakes in this episode. We exposed (an update to) a 3rd-party library TTW without doing enough homework to be reasonably assured that it was safe. When we found a problem, we didn't write tests to assure that it was solved sufficiently.

Again, I don't want to get on anyone's case, but I want to make sure that we follow processes that will reduce the chance of a repeat of something like this.

> What the hell docutils was doing turning this feature on by default...

I don't think that TTW entry of reST was a use case for docutils. In its normal usage, it makes sense for these to be enabled IMO. The onus should be on us, when we decide to expose something TTW, to make sure that the power we're exposing is controlled.

Jim

--
Jim Fulton          mailto:[EMAIL PROTECTED]    Python Powered!
CTO                 (540) 361-1714             http://www.python.org
Zope Corporation    http://www.zope.com        http://www.zope.org

___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding!
** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] 2.9.4? reStructuredText support?
On Sunday 09 July 2006 22:56, Jim Fulton wrote:
> Whoever integrated reST didn't even read the documentation, much less the code.

FWIW. The ZReST product was originally released by me around 2002 - before those directives existed. According to the docutils HISTORY file, the directives themselves were added in 2003. The *warning* about them was added in 2004. The configuration to *disable* them appears to have been added in 2005.

What the hell docutils was doing turning this feature on by default...

Richard
Re: [Zope-dev] 2.9.4? reStructuredText support?
Jim Fulton wrote at 2006-7-9 09:10 -0400:
> ...
> On Jul 8, 2006, at 3:51 PM, [EMAIL PROTECTED] wrote:
>> ...
>> I agree with you that a feature ("file/url" inclusion code) physically removed from the shipped code can be considered no longer causing security risks -- even without extensive tests.
>
> Your recent expression of disdain for testing causes me to be unsurprised by this position.

I do not feel disdain for testing altogether -- just for testing posing a burden without significantly increasing quality...

-- Dieter
Re: [Zope-dev] 2.9.4? reStructuredText support?
--On 9 July 2006 08:51:12 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
>>> We need a better chain of responsibility than that, especially when there is a known security threat.
>>
>> See above...it's not a question of general responsibility...it's a question of taking over the responsibility for a particular problem in a particular situation...of course maintainers for modules are highly welcome...things are as they are in the Zope 2 world...
>
> I don't agree. Our current approach isn't working.

I think we are all open for new ideas. But I doubt that we will find a better approach that would work. But as always I can be convinced of the opposite.

-aj
Re: [Zope-dev] 2.9.4? reStructuredText support?
On Jul 8, 2006, at 5:38 PM, Tino Wildenhain wrote:
> Jim Fulton wrote:
>> ...
>>> You mean auditing. Testing would not help imho. Testing only checks if expected behavior still works. And nobody expects the Spanish Inquisition *wink* ;)
>>
>> You can test that trying to do file-inclusion fails.
>
> For example if I were the one who would have written the naive test - I would not have known a file inclusion feature even exists or is supposed to be exposed to reST. So my test would not have tested it. So we had perfect tests for all the reST things we want and expect but the hole would exist anyway.

I agree that testing is not enough if you don't know what to test for. It's sad that whoever enabled this didn't bother to read the docutils documentation, which documents the feature and even provides a warning about its security issues:

http://docutils.sourceforge.net/docs/ref/rst/directives.html#including-an-external-document-fragment

Jim
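As an added example (not code from this thread, from Zope or from docutils), here is the kind of guard and test the messages above ask for: docutils' own `file_insertion_enabled` and `raw_enabled` settings turned off for text submitted through the web, plus a static pre-render scan that refuses the `include` and `raw` directives outright, so a test can prove that inclusion is rejected rather than assume it. The sample page, its placeholder paths and the `render_untrusted`/`find_unsafe_directives` names are constructed for this example; only `render_untrusted` needs docutils installed.

```python
"""Guard for reStructuredText submitted through the web (TTW): docutils'
own settings to turn the directives off, plus a static pre-render scan so a
test can prove that ``include``/``raw`` are rejected (constructed example)."""
import re
from typing import List, NamedTuple, Tuple

# Real docutils settings: disable file/URL insertion and raw passthrough.
SAFE_SETTINGS = {
    "file_insertion_enabled": False,  # ``.. include::`` and raw's :file:/:url:
    "raw_enabled": False,             # ``.. raw::`` entirely
}
# Directives this guard refuses outright, whatever the renderer settings say.
UNSAFE_DIRECTIVES = {"include", "raw"}

# ``.. name:: args`` explicit-markup line; docutils looks directive names up
# case-insensitively, so the name is lower-cased before the check.
DIRECTIVE_RE = re.compile(
    r"^(?P<indent>[ ]*)\.\.[ ]+(?P<name>[A-Za-z0-9][\w.+-]*)[ ]?::(?:[ ]+(?P<arg>.*)|$)"
)
# ``   :option: value`` field in the option block under a directive.
OPTION_RE = re.compile(r"^(?P<indent>[ ]+):(?P<opt>[\w-]+):(?P<val>.*)$")


class Finding(NamedTuple):
    line: int       # 1-based line of the directive marker
    directive: str  # normalised (lower-case) directive name
    detail: str     # include target, raw's file=/url= options, or "inline content"


def _option_block(lines: List[str], start: int, indent: int) -> List[Tuple[str, str]]:
    """Collect ``:name: value`` fields indented under a directive; docutils ends
    the option block at the first blank or non-option line, so stop there."""
    opts = []
    for line in lines[start:]:
        m = OPTION_RE.match(line)
        if not m or len(m.group("indent")) <= indent:
            break
        opts.append((m.group("opt").lower(), m.group("val").strip()))
    return opts


def find_unsafe_directives(text: str) -> List[Finding]:
    """Return every ``include``/``raw`` directive in ``text``, in document order.
    Conservative: a directive spelled out inside a literal block is reported too,
    since rejecting such a page is the cheaper mistake."""
    # docutils expands tabs to 8 columns before parsing; match that so the
    # indentation comparisons agree with what the renderer would see.
    lines = text.expandtabs(8).splitlines()
    findings = []
    for idx, line in enumerate(lines):
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue
        name = m.group("name").lower()
        if name not in UNSAFE_DIRECTIVES:
            continue
        detail = (m.group("arg") or "").strip()
        if name == "raw":
            opts = _option_block(lines, idx + 1, len(m.group("indent")))
            pulls = [f"{k}={v}" for k, v in opts if k in ("file", "url")]
            detail = ", ".join(pulls) if pulls else "inline content"
        findings.append(Finding(idx + 1, name, detail))
    return findings


def render_untrusted(text: str) -> str:
    """Render TTW reST to an HTML body with the unsafe directives disabled.
    The scan runs first and raises, so such a page never reaches docutils;
    SAFE_SETTINGS is the second line of defence. Needs docutils installed."""
    findings = find_unsafe_directives(text)
    if findings:
        raise ValueError("refusing to render: " + "; ".join(
            f"line {f.line}: {f.directive} ({f.detail})" for f in findings))
    from docutils.core import publish_parts  # lazy: only this path needs docutils
    return publish_parts(text, writer_name="html",
                         settings_overrides=SAFE_SETTINGS)["body"]


# Constructed sample of a page a user might submit TTW (placeholder paths).
SAMPLE_TTW_PAGE = """\
Weekly status
=============

Nothing unusual here.

.. include:: /path/outside/the/site.txt

.. Raw:: html
   :file: /path/outside/hosts.txt

.. raw:: html

   <b>inline html, no file option</b>

.. note:: this directive is harmless and is not reported
"""
```

Running `find_unsafe_directives(SAMPLE_TTW_PAGE)` reports the directives on lines 6, 8 and 11 of the sample and nothing for the `note` directive, and `render_untrusted` refuses the page before docutils is even imported.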
Re: [Zope-dev] 2.9.4? reStructuredText support?
On Jul 8, 2006, at 3:51 PM, [EMAIL PROTECTED] wrote:
> ...
> This time, I am on your side, Andreas :-)
>
> I agree with you that a feature ("file/url" inclusion code) physically removed from the shipped code can be considered no longer causing security risks -- even without extensive tests.

Your recent expression of disdain for testing causes me to be unsurprised by this position.

Jim
Re: [Zope-dev] 2.9.4? reStructuredText support?
On Jul 8, 2006, at 3:27 PM, Andreas Jung wrote:
> --On 8 July 2006 15:05:21 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
>>> I think this applies here as well.
>>
>> 1. ZClasses are not a security threat. reST is. That's a huge difference.
>
> Being a security threat or not ...how will you prove that a module X is a threat or not? Without source code review every module has the potential to be a threat. I would never claim that the modules I've written or maintain in some way are totally safe...

One difference is that between our code and 3rd-party code. I wrote the ZClasses code and paid a lot of attention to security. Whoever integrated reST didn't even read the documentation, much less the code.

>> 2. This event illustrates that I was wrong.
>
> Possibly, but a lot of modules were written by ppl that are no longer active in the community and a lot of these modules are real cruft that nobody wants to touch (and that few ppl understand). For the time being we have to live with this situation in the Zope 2 world. The only way out is to replace more and more code with Zope 3 modules, which is actually happening.
>
> So what does it mean to be a maintainer of a package?

This is something that the Zope Foundation needs to work out. I'd like to start a discussion of this when Martijn gets back from vacation. Or perhaps we should put off the discussion till September when most people are back from vacation.

> A maintainer has to keep the code in shape and should of course care about security issues. But a maintainer might have a different view on security than you...so how to get out of this dilemma? Code audits? They would help but you know how much time they take (impractical for most code if you ask me). The current "unofficial" code auditing by watching the checkin lists seems to work to a certain degree (perhaps not directly related to security issues but to wrong code in general).
>
> Getting maintainers for Zope core packages is even harder than some yrs ago when the Zope community wasn't split up as it is today (CPS, Zope3, Zope2, Plone, CMF). The common view on the Zope 2 core seems to be "it works, it's cruft, don't touch it"..and ppl prefer to put their hands on other stuff outside the Zope 2 core. I am realistic enough to see that this won't change in the near future.

My view is that both Zope 2 and Zope 3 are too big. IMO, they need to be split into smaller projects packaged more or less separately. reST and ZClasses should be add-ons, not a part of the code. It should be possible for each project/package to tell if the project is active. Then it's up to users to decide whether to take the risk of using an unsupported package.

Jim
Re: [Zope-dev] 2.9.4? reStructuredText support?
On Jul 8, 2006, at 3:06 PM, Andreas Jung wrote:
>>> No, it is not. I haven't worked on the hotfix...so why would it be up to me to write tests?
>>
>> It's not. The person who *did* write the hot-fix didn't want the feature in the first place. Tres stepped up and helped us in an emergency. I imagine that he isn't signing up to maintain the feature.
>
> When you talk of "the feature"...you mean file inclusion? This feature was not supposed to be there. It was never a goal of reST to provide this feature. So Tres' solution (removing the code) is perfectly fine.

No, the feature I'm talking about is TTW reST. Because reST has a feature that has to be turned off to be secure when processing text from untrusted users, it requires special care.

> There are a lot of modules where we don't want to take over the maintainer. The important thing is that we have clever ppl who understand the code and can deal with such problems in such a case.

We need a better chain of responsibility than that, especially when there is a known security threat.

> See above...it's not a question of general responsibility...it's a question of taking over the responsibility for a particular problem in a particular situation...of course maintainers for modules are highly welcome...things are as they are in the Zope 2 world...

I don't agree. Our current approach isn't working.

Jim
Re: [Zope-dev] 2.9.4? reStructuredText support?
--On 9 July 2006 12:29:24 +0200 Willi Langenberger <[EMAIL PROTECTED]> wrote:
>> @Tres: what is the reason to keep the 'raw' code in docutils? I am in favor of removing it and replacing it with a NotImplementedError exception (same as for the 'include' code). The related tests (for reStructuredText and ZReST are commented out for now) do expect a NotImplementedError for a 'raw' directive.
>
> In ZWiki reST pages you can use the 'raw' directive to call e.g. python scripts (useful for custom index generation, ...). If it goes away due to security reasons, so be it. But if there is a way to keep the 'raw' functionality and remove only 'file' and 'include', we are certainly in favour of that...

You mean 'file' and 'url'...they are now disabled.

-aj
Re: [Zope-dev] 2.9.4? reStructuredText support?
According to Andreas Jung:
>>> Tres' patch is looking fine to me. I don't see a need right now for dropping reST with having file inclusion *removed*.
>>
>> Has anyone written tests for Tres' patch? Apparently no one wrote adequate tests for the last hot fix, which helped put us in this situation.
>
> I've written some tests (checked in on the trunk). They test the 'raw' and 'include' directives

Thank you, Andreas! We make extensive use of reST (via ZWiki) and it would be very hard for us to do without reST.

> @Tres: what is the reason to keep the 'raw' code in docutils? I am in favor of removing it and replacing it with a NotImplementedError exception (same as for the 'include' code). The related tests (for reStructuredText and ZReST are commented out for now) do expect a NotImplementedError for a 'raw' directive.

In ZWiki reST pages you can use the 'raw' directive to call e.g. python scripts (useful for custom index generation, ...). If it goes away due to security reasons, so be it. But if there is a way to keep the 'raw' functionality and remove only 'file' and 'include', we are certainly in favour of that...

\wlang{}

--
[EMAIL PROTECTED]    Fax: +43/1/31336/9207
Zentrum fuer Informatikdienste, Wirtschaftsuniversitaet Wien, Austria
Re: [Zope-dev] 2.9.4? reStructuredText support?
--On 8 July 2006 07:45:01 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
> On Jul 8, 2006, at 1:11 AM, Andreas Jung wrote:
>> --On 7 July 2006 11:03:06 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
>>> I think we should do a 2.9.4 release to incorporate the recent hot fix. This is easy for me to say, since I won't be doing it. :)
>>>
>>> Because this recent fix actually fixed the same problem that the previous hot fix was supposed to fix, I think someone needs to work up some decent tests. This is not a trivial task, but it is necessary. If no one is willing to do this, I think we need to drop the TTW reStructuredText support from Zope 2, as it is too great a risk.
>>
>> Dropping TTW reST is absolutely not an option. It breaks backward compatibility.
>
> Sorry, security trumps backward compatibility.
>
> BTW, I suspect that a less violent patch could be created, if anyone wants to champion TTW reStructuredText support in Zope 2. Personally, I'm for dropping it.
>
>> Tres' patch is looking fine to me. I don't see a need right now for dropping reST with having file inclusion *removed*.
>
> Has anyone written tests for Tres' patch? Apparently no one wrote adequate tests for the last hot fix, which helped put us in this situation.

I've written some tests (checked in on the trunk). They test the 'raw' and 'include' directives.

@Tres: what is the reason to keep the 'raw' code in docutils? I am in favor of removing it and replacing it with a NotImplementedError exception (same as for the 'include' code). The related tests (for reStructuredText and ZReST are commented out for now) do expect a NotImplementedError for a 'raw' directive.

Andreas
Re: [Zope-dev] 2.9.4? reStructuredText support?
Jim Fulton wrote:
> ...
>> You mean auditing. Testing would not help imho. Testing only checks if expected behavior still works. And nobody expects the Spanish Inquisition *wink* ;)
>
> You can test that trying to do file-inclusion fails.

For example if I were the one who would have written the naive test - I would not have known a file inclusion feature even exists or is supposed to be exposed to reST. So my test would not have tested it. So we had perfect tests for all the reST things we want and expect but the hole would exist anyway.

To cut a long story short, I guess the current fix can work or there can be other holes (which we constantly would not be aware of no matter how many tests tell us the file inclusion does not work anymore).

So what's the solution? Audit of the docutils package? Putting it into a restricted environment like the other template engines? Inclusion of own docutils-like, but audited code?

Regards
Tino
Re: [Zope-dev] 2.9.4? reStructuredText support?
Andreas Jung wrote at 2006-7-8 14:12 +0200:
> ... removing TTW reST ...

[Andreas]
> In addition I don't see a big problem for Zope-only(!) apps.

Of course, you must also consider applications built on top of Zope -- such as "ZWiki" and "Plone". They, too, need to be protected.

[Jim]
>> ... retain only when someone takes responsibility ...
>> Otherwise it has to go.

[Andreas]
> No :-)

This time, I am on your side, Andreas :-)

I agree with you that a feature ("file/url" inclusion code) physically removed from the shipped code can be considered no longer causing security risks -- even without extensive tests.

I also agree with you that this is preferable to dropping "reST" altogether (despite the fact that I personally do not use it).

Of course, an artistically set Python path could cause Python's docutils to be used -- but hey, that's then a locally caused problem.

-- Dieter
Re: [Zope-dev] 2.9.4? reStructuredText support?
--On 8 July 2006 15:05:21 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
>> I think this applies here as well.
>
> 1. ZClasses are not a security threat. reST is. That's a huge difference.

Being a security threat or not ...how will you prove that a module X is a threat or not? Without source code review every module has the potential to be a threat. I would never claim that the modules I've written or maintain in some way are totally safe...

> 2. This event illustrates that I was wrong.

Possibly, but a lot of modules were written by ppl that are no longer active in the community and a lot of these modules are real cruft that nobody wants to touch (and that few ppl understand). For the time being we have to live with this situation in the Zope 2 world. The only way out is to replace more and more code with Zope 3 modules, which is actually happening.

So what does it mean to be a maintainer of a package? A maintainer has to keep the code in shape and should of course care about security issues. But a maintainer might have a different view on security than you...so how to get out of this dilemma? Code audits? They would help but you know how much time they take (impractical for most code if you ask me). The current "unofficial" code auditing by watching the checkin lists seems to work to a certain degree (perhaps not directly related to security issues but to wrong code in general).

Getting maintainers for Zope core packages is even harder than some yrs ago when the Zope community wasn't split up as it is today (CPS, Zope3, Zope2, Plone, CMF). The common view on the Zope 2 core seems to be "it works, it's cruft, don't touch it"..and ppl prefer to put their hands on other stuff outside the Zope 2 core. I am realistic enough to see that this won't change in the near future.

Andreas
Re: [Zope-dev] 2.9.4? reStructuredText support?
--On 8 July 2006 14:42:31 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
>> This can happen all the time. A problem in the release process does not justify the removal of a feature until we tried our best to solve the problem. Use the sledge hammer as a last resort.
>
> The problem in the release process was an inattention to basic process. This is unacceptable in a security-related issue.

This can happen all the time, it should not happen..but it happened (likely because the private emails around this issue caused a lot of trouble and noise).

>>> You seem to be the only one championing TTW reST?
>>
>> I am only a champion against crude removal of features and against a shortsighted perception.
>
> That doesn't deserve an answer.
>
>> Sorry for being harsh but the lack of tests after two days is really not an appropriate approach.
>
> Who said anything about 2 days. I said we need tests and we need someone to be responsible for this feature or we'll have to drop the feature. I didn't say we had to drop it right this second.

It sounded to me that way..

>>> Are you unwilling to write the tests necessary to keep it?
>>
>> This is really not the point. As release manager I am allowed to speak up. But that does not imply I have to fix all and everything.
>
> Yes, it really is the point.
>
>> No, it is not. I haven't worked on the hotfix...so why would it be up to me to write tests?
>
> It's not. The person who *did* write the hot-fix didn't want the feature in the first place. Tres stepped up and helped us in an emergency. I imagine that he isn't signing up to maintain the feature.

When you talk of "the feature"...you mean file inclusion? This feature was not supposed to be there. It was never a goal of reST to provide this feature. So Tres' solution (removing the code) is perfectly fine.

There are a lot of modules where we don't want to take over the maintainer. The important thing is that we have clever ppl who understand the code and can deal with such problems in such a case.

> The problem is that we have a feature with an implementation that is a security risk. We have a feature that doesn't seem to have a champion -- because no one is willing to come forward and maintain it properly. In that case, the feature is orphaned and we have to get rid of it. It is too risky to keep it under the circumstances. I'm perfectly willing to keep it if someone takes responsibility. That hasn't happened yet.

See above...it's not a question of general responsibility...it's a question of taking over the responsibility for a particular problem in a particular situation...of course maintainers for modules are highly welcome...things are as they are in the Zope 2 world...

Andreas
Re: [Zope-dev] 2.9.4? reStructuredText support?
On Jul 8, 2006, at 2:47 PM, Andreas Jung wrote:
> --On 8 July 2006 14:37:06 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
>> On Jul 8, 2006, at 11:32 AM, Tino Wildenhain wrote:
>>> ...
>>>>> You seem to be the only one championing TTW reST?
>>>>
>>>> I am only a champion against crude removal of features and against a shortsighted perception.
>>>
>>> I'm for keeping it (or something like it) too.
>>
>> Are you volunteering to do a decent job of maintaining it?
>
> During the keep-or-don't-keep-zclasses discussion you said something like "not every package needs a maintainer in order to keep it in the zope core". I think this applies here as well.

1. ZClasses are not a security threat. reST is. That's a huge difference.

2. This event illustrates that I was wrong.

Jim
Re: The hotfix that isn't? (was: Re: [Zope-dev] 2.9.4? reStructuredText support?)
On Jul 8, 2006, at 10:53 AM, Sidnei da Silva wrote:
> Just to make the matters clear, when you say 'the last hotfix' Jim, do you mean the Hotfix-20060705?

No, I was referring to the one before that. The November '05 hot fix purported to solve the same problem.

Jim
Re: [Zope-dev] 2.9.4? reStructuredText support?
--On 8 July 2006 14:37:06 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
> On Jul 8, 2006, at 11:32 AM, Tino Wildenhain wrote:
>> ...
>>>> You seem to be the only one championing TTW reST?
>>>
>>> I am only a champion against crude removal of features and against a shortsighted perception.
>>
>> I'm for keeping it (or something like it) too.
>
> Are you volunteering to do a decent job of maintaining it?

During the keep-or-don't-keep-zclasses discussion you said something like "not every package needs a maintainer in order to keep it in the zope core". I think this applies here as well.

Andreas
Re: [Zope-dev] 2.9.4? reStructuredText support?
On Jul 8, 2006, at 10:41 AM, Andreas Jung wrote:
> --On 8 July 2006 10:16:30 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
>> Yes, someone has to write the tests at some time, soon.
>
> Right. Before 2.10. ...so we have some time...

Sadly, but that's a different problem.

>>> As I pointed out the risk is minimal for Zope-apps because you need to have access to the ZMI..
>>
>> No, it's not. Getting at arbitrary files is not acceptable from the ZMI.
>
> ...which won't be possible with *removed* file inclusion code...

Good, write some tests and prove it.

>>> so what are the security concerns in this case? And file inclusion won't work if the related code is stripped off...so what are your security concerns in this case?
>>
>> I am concerned by the lack of tests. Whoever created the last hot fix was sure the problem was fixed. They were wrong and we're paying the price.
>
> This can happen all the time. A problem in the release process does not justify the removal of a feature until we tried our best to solve the problem. Use the sledge hammer as a last resort.

The problem in the release process was an inattention to basic process. This is unacceptable in a security-related issue.

>> You seem to be the only one championing TTW reST?
>
> I am only a champion against crude removal of features and against a shortsighted perception.

That doesn't deserve an answer.

> Sorry for being harsh but the lack of tests after two days is really not an appropriate approach.

Who said anything about 2 days. I said we need tests and we need someone to be responsible for this feature or we'll have to drop the feature. I didn't say we had to drop it right this second.

>> Are you unwilling to write the tests necessary to keep it?
>
> This is really not the point. As release manager I am allowed to speak up. But that does not imply I have to fix all and everything.
>
>> Yes, it really is the point.
>
> No, it is not. I haven't worked on the hotfix...so why would it be up to me to write tests?
>
>> It's not. The person who *did* write the hot-fix didn't want the feature in the first place. Tres stepped up and helped us in an emergency. I imagine that he isn't signing up to maintain the feature.
>
> I don't want to blame Tres...he was doing his best in the situation...but this is totally unrelated to whether I would be unwilling to write tests in this case.

That's fine.

> I would have helped but it was late evening and at some point you need some sleep...

That's fine too. I know it was late and you tried to help. You were there and helping and I appreciate it. I really do. A lot.

So, we're past the emergency -- we hope. The problem is that we have a feature with an implementation that is a security risk. We have a feature that doesn't seem to have a champion -- because no one is willing to come forward and maintain it properly. In that case, the feature is orphaned and we have to get rid of it. It is too risky to keep it under the circumstances. I'm perfectly willing to keep it if someone takes responsibility. That hasn't happened yet.

Jim
Re: [Zope-dev] 2.9.4? reStructuredText support?
On Jul 8, 2006, at 11:32 AM, Tino Wildenhain wrote:
> ...
>>>> You seem to be the only one championing TTW reST?
>>>
>>> I am only a champion against crude removal of features and against a shortsighted perception.
>
> I'm for keeping it (or something like it) too.

Are you volunteering to do a decent job of maintaining it?

>> That doesn't deserve an answer.
>>
>>>> Are you unwilling to write the tests necessary to keep it?
>>>
>>> This is really not the point. As release manager I am allowed to speak up. But that does not imply I have to fix all and everything.
>>
>> Yes, it really is the point. We've had a serious security failure due to a lack of adequate testing. This is not acceptable.
>
> You mean auditing. Testing would not help imho. Testing only checks if expected behavior still works. And nobody expects the Spanish Inquisition *wink* ;)

You can test that trying to do file-inclusion fails.

Jim
Re: The hotfix that isn't? (was: Re: [Zope-dev] 2.9.4? reStructuredText support?)
On Jul 8, 2006, at 12:05 PM, Alec Mitchell wrote:
> On 7/8/06, Sidnei da Silva <[EMAIL PROTECTED]> wrote:
>> Just to make the matters clear, when you say 'the last hotfix' Jim, do you mean the Hotfix-20060705? I ask because I'm about to roll a hotfix installer for Plone and if there's an issue with that one I can hold back the installer.
>
> It looks to me like the only issue with it is the lack of tests. The inadequate hotfix appears to be one from last fall which attempted to address the same issue.

Right

Jim
Re: The hotfix that isn't? (was: Re: [Zope-dev] 2.9.4? reStructuredText support?)
On 7/8/06, Sidnei da Silva <[EMAIL PROTECTED]> wrote:
> Just to make the matters clear, when you say 'the last hotfix' Jim, do you mean the Hotfix-20060705? I ask because I'm about to roll a hotfix installer for Plone and if there's an issue with that one I can hold back the installer.

It looks to me like the only issue with it is the lack of tests. The inadequate hotfix appears to be one from last fall which attempted to address the same issue.

Alec
Re: [Zope-dev] 2.9.4? reStructuredText support?
...
>>> You seem to be the only one championing TTW reST?
>> I am only champion against crude removal of features and against a shortsighted perception.

I'm for keeping it (or something like it) too.

> That doesn't deserve an answer.
>>> Are you unwilling to write the tests necessary to keep it?
>> This is really not the point. As release manager I am allowed to speak up. But that does not imply I have to fix all and everything.
> Yes, it really is the point. We've had a serious security failure due to a lack of adequate testing. This is not acceptable.

You mean auditing. Testing would not help imho. Testing only checks if expected behavior still works. And nobody expects the Spanish Inquisition *wink* ;)

Regards
Tino
The hotfix that isn't? (was: Re: [Zope-dev] 2.9.4? reStructuredText support?)
Just to make the matters clear, when you say 'the last hotfix' Jim, do you mean the Hotfix-20060705? I ask because I'm about to roll a hotfix installer for Plone and if there's an issue with that one I can hold back the installer.

--
Sidnei da Silva
Enfold Systems http://enfoldsystems.com
Fax +1 832 201 8856 Office +1 713 942 2377 Ext 214
Re: [Zope-dev] 2.9.4? reStructuredText support?
--On 8 July 2006 10:16:30 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
>> Yes, someone has to write the tests at some time, soon.
> Right. Before 2.10.

...so we have some time...

>> As I pointed out the risk is minimal for Zope-apps because you need to have access to the ZMI..
> No, it's not. Getting at arbitrary files is not acceptable from the ZMI.

...which won't be possible with *removed* file inclusion code...

>> so what are security concerns in this case? And file inclusion won't work if the related code is stripped off...so what are your security concerns in this case?
> I am concerned by the lack of tests. Whoever created the last hot fix was sure the problem was fixed. They were wrong and we're paying the price.

This can happen all the time. A problem in the release process does not justify the removal of a feature until we tried our best to solve the problem. Use the sledge hammer as a last resort.

>>> You seem to be the only one championing TTW reST?
>> I am only champion against crude removal of features and against a shortsighted perception.
> That doesn't deserve an answer.

Sorry for being harsh but the lack of tests after two days is really not an appropriate approach.

>>> Are you unwilling to write the tests necessary to keep it?
>> This is really not the point. As release manager I am allowed to speak up. But that does not imply I have to fix all and everything.
> Yes, it really is the point.

No, it is not. I haven't worked on the hotfix...so why would it be up to me to write tests? I don't want to blame Tres...he was doing his best in the situation...but this is totally unrelated to whether I would be unwilling to write tests in this case. I would have helped but it was late evening and at some point you need some sleep...

Andreas

> We've had a serious security failure due to a lack of adequate testing. This is not acceptable.
Re: [Zope-dev] 2.9.4? reStructuredText support?
On Jul 8, 2006, at 10:09 AM, Andreas Jung wrote:
> --On 8 July 2006 09:53:47 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
> ...
>>>> Tres came up with this sledge hammer because he has no confidence in people's willingness to test and implement this feature properly.
>>> I am fine with the sledge-hammer. I've never claimed that we need to support file insertion and raw support in any way. We don't need, we can kick it. But removing or disabling a feature because we are possibly incompetent would be just ridiculous.
>> I can live with the sledge hammer for Zope 2. All I ask for is tests. If there are tests for each way of invoking reST through the web that verifies that file-inclusion isn't enabled, then it's alright with me if the sledge hammer is used to make the tests pass. I won't tolerate an untested feature with so much security risk.
> Yes, someone has to write the tests at some time, soon.

Right. Before 2.10.

> As I pointed out the risk is minimal for Zope-apps because you need to have access to the ZMI..

No, it's not. Getting at arbitrary files is not acceptable from the ZMI.

> so what are security concerns in this case? And file inclusion won't work if the related code is stripped off...so what are your security concerns in this case?

I am concerned by the lack of tests. Whoever created the last hot fix was sure the problem was fixed. They were wrong and we're paying the price.

>> I'll also note that the sledgehammer might not itself be safe in the presence of the various reload products for Zope 3. Would Tres' patch be defeated by reloading docutils.parsers.rst.directives.misc? Is there a chance that a reload product could reload this module and undo the fix? I dunno. It is worrisome.
>> You seem to be the only one championing TTW reST?
> I am only champion against crude removal of features and against a shortsighted perception.

That doesn't deserve an answer.

>> Are you unwilling to write the tests necessary to keep it?
> This is really not the point. As release manager I am allowed to speak up. But that does not imply I have to fix all and everything.

Yes, it really is the point. We've had a serious security failure due to a lack of adequate testing. This is not acceptable.

Jim
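The kind of test Jim asks for above ("tests for each way of invoking reST through the web that verifies that file-inclusion isn't enabled") and in his later reply to Tino ("you can test that trying to do file-inclusion fails"), as an added example that is not code from this thread, from Zope or from docutils: it points the include and raw :file: directives at a temporary file and checks whether the file's contents reach the rendered HTML, once under docutils' default settings and once with the file_insertion_enabled and raw_enabled settings switched off. It assumes an installed docutils release that honours those two settings; the Zope-side TTW entry points would feed their own rendering path through the same check.

```python
"""Regression probe: user-typed reST must not be able to pull local files into the output.

Added example, not code from the Zope or docutils projects. Assumes a docutils
release that honours the ``file_insertion_enabled`` and ``raw_enabled`` settings.
"""
import os
import tempfile

try:
    from docutils.core import publish_parts
    DOCUTILS_AVAILABLE = True
except ImportError:  # keep the module importable on hosts without docutils
    DOCUTILS_AVAILABLE = False

# Constructed secret written to a temporary file; the question is whether a
# directive typed into a reST document can copy it into the rendered HTML.
SECRET_MARKER = "CONSTRUCTED-SECRET-MARKER-7f3a"

# Hardened configuration a through-the-web renderer should hand to docutils.
SAFE_SETTINGS = {
    "file_insertion_enabled": False,  # neuters include and raw :file:
    "raw_enabled": False,             # neuters raw entirely (no pass-through HTML)
    "report_level": 5,                # keep docutils' error reports off stderr
    "halt_level": 5,                  # never raise SystemMessage; we inspect output
}

# docutils' own defaults for the two dangerous settings, i.e. the unpatched state.
DEFAULT_SETTINGS = {
    "file_insertion_enabled": True,
    "raw_enabled": True,
    "report_level": 5,
    "halt_level": 5,
}


def probe_documents(path):
    """reST snippets, one per file-reading directive, each trying to read ``path``."""
    return {
        "include": ".. include:: %s\n" % path,
        "raw-file": ".. raw:: html\n   :file: %s\n" % path,
    }


def render_html_body(source, settings):
    """Render reST ``source`` to an HTML body fragment with the given settings."""
    if not DOCUTILS_AVAILABLE:
        raise RuntimeError("docutils is not installed")
    parts = publish_parts(source, writer_name="html", settings_overrides=settings)
    return parts["body"]


def leaked_directives(settings, marker=SECRET_MARKER):
    """Names of the probe directives whose rendered output contains ``marker``.

    An empty list means the configuration blocked every file-reading path this
    probe set covers; a non-empty list is exactly the regression the thread is about.
    """
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w") as fh:
        fh.write(marker + "\n")
    try:
        return sorted(
            name for name, src in probe_documents(path).items()
            if marker in render_html_body(src, settings)
        )
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("default settings leak via:", leaked_directives(DEFAULT_SETTINGS))
    print("hardened settings leak via:", leaked_directives(SAFE_SETTINGS))
```

Wiring this into a test suite means running the hardened case once per through-the-web rendering path, so a later docutils upgrade or a module reload that re-enables a directive fails a test instead of going unnoticed.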
Re: [Zope-dev] 2.9.4? reStructuredText support?
--On 8 July 2006 09:53:47 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
> Maybe you aren't listening.

I am listening very well.

>>> Tres came up with this sledge hammer because he has no confidence in people's willingness to test and implement this feature properly.
>> I am fine with the sledge-hammer. I've never claimed that we need to support file insertion and raw support in any way. We don't need, we can kick it. But removing or disabling a feature because we are possibly incompetent would be just ridiculous.
> I can live with the sledge hammer for Zope 2. All I ask for is tests. If there are tests for each way of invoking reST through the web that verifies that file-inclusion isn't enabled, then it's alright with me if the sledge hammer is used to make the tests pass. I won't tolerate an untested feature with so much security risk.

Yes, someone has to write the tests at some time, soon. As I pointed out the risk is minimal for Zope-apps because you need to have access to the ZMI.. so what are security concerns in this case? And file inclusion won't work if the related code is stripped off...so what are your security concerns in this case?

> I'll also note that the sledgehammer might not itself be safe in the presence of the various reload products for Zope 3. Would Tres' patch be defeated by reloading docutils.parsers.rst.directives.misc? Is there a chance that a reload product could reload this module and undo the fix? I dunno. It is worrisome.
> You seem to be the only one championing TTW reST?

I am only champion against crude removal of features and against a shortsighted perception.

> Are you unwilling to write the tests necessary to keep it?

This is really not the point. As release manager I am allowed to speak up. But that does not imply I have to fix all and everything.

Andreas
Re: [Zope-dev] 2.9.4? reStructuredText support?
On Jul 8, 2006, at 9:17 AM, Andreas Jung wrote:
>> On Jul 8, 2006, at 8:12 AM, Andreas Jung wrote:
>>> --On 8 July 2006 07:45:01 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
>>> Only if there is no other option. Tres' patch seems to resolve this issue and with further testing there is no need to remove the functionality.
>> "Seems" isn't good enough. It's not even close. The hot fix last fall "seemed" to fix the problem. :(
> That is still not an argument. I'll agree with you when we are all convinced that we are all unable to fix this issue with a reasonable effort or when we come to the conclusion that Docutils is a problem by itself...sorry, but we are not at that point so far.
>>>> Otherwise it has to go.
>>> No :-)
>> Wrong. Sorry, I'll invoke Pope if I have to.
> Sorry Jim, that's weak. See above. I'll accept the decision of the Pope as long as it is comprehensible...so far it is not.

Maybe you aren't listening.

>> Tres came up with this sledge hammer because he has no confidence in people's willingness to test and implement this feature properly.
> I am fine with the sledge-hammer. I've never claimed that we need to support file insertion and raw support in any way. We don't need, we can kick it. But removing or disabling a feature because we are possibly incompetent would be just ridiculous.

I can live with the sledge hammer for Zope 2. All I ask for is tests. If there are tests for each way of invoking reST through the web that verifies that file-inclusion isn't enabled, then it's alright with me if the sledge hammer is used to make the tests pass. I won't tolerate an untested feature with so much security risk.

I'll also note that the sledgehammer might not itself be safe in the presence of the various reload products for Zope 3. Would Tres' patch be defeated by reloading docutils.parsers.rst.directives.misc? Is there a chance that a reload product could reload this module and undo the fix? I dunno. It is worrisome.

You seem to be the only one championing TTW reST?

Are you unwilling to write the tests necessary to keep it? If so, it's hard to have any sympathy for your desire to keep it.

Jim
Re: [Zope-dev] 2.9.4? reStructuredText support?
> On Jul 8, 2006, at 8:12 AM, Andreas Jung wrote:
>> --On 8 July 2006 07:45:01 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
>> Only if there is no other option. Tres' patch seems to resolve this issue and with further testing there is no need to remove the functionality.
> "Seems" isn't good enough. It's not even close. The hot fix last fall "seemed" to fix the problem. :(

That is still not an argument. I'll agree with you when we are all convinced that we are all unable to fix this issue with a reasonable effort or when we come to the conclusion that Docutils is a problem by itself...sorry, but we are not at that point so far.

>>> Otherwise it has to go.
>> No :-)
> Wrong. Sorry, I'll invoke Pope if I have to.

Sorry Jim, that's weak. See above. I'll accept the decision of the Pope as long as it is comprehensible...so far it is not.

> Tres came up with this sledge hammer because he has no confidence in people's willingness to test and implement this feature properly.

I am fine with the sledge-hammer. I've never claimed that we need to support file insertion and raw support in any way. We don't need, we can kick it. But removing or disabling a feature because we are possibly incompetent would be just ridiculous.

Andreas
Re: [Zope-dev] 2.9.4? reStructuredText support?
On Jul 8, 2006, at 8:12 AM, Andreas Jung wrote:
> --On 8 July 2006 07:45:01 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
>> On Jul 8, 2006, at 1:11 AM, Andreas Jung wrote:
>>> --On 7 July 2006 11:03:06 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
>>>> I think we should do a 2.9.4 release to incorporate the recent hot fix. This is easy for me to say, since I won't be doing it. :)
>>>> Because this recent fix actually fixed the same problem that the previous hot fix was supposed to fix, I think someone needs to work up some decent tests. This is not a trivial task, but it is necessary. If no one is willing to do this, I think we need to drop the TTW reStructuredText support from Zope 2, as it is too great a risk.
>>> Dropping TTW reST is absolutely not an option. It breaks backward compatibility.
>> Sorry, security trumps backward compatibility.
> Only if there is no other option. Tres' patch seems to resolve this issue and with further testing there is no need to remove the functionality.

"Seems" isn't good enough. It's not even close. The hot fix last fall "seemed" to fix the problem. :(

Heck (I wanted to use another 4-letter-word, because I'm getting kinda angry), even the current patch hasn't been adequately tested. Michael suggested that the patch needed to be tested against all recent Zope versions. Has this been done? I don't think so. Do we even have *tests* that it works? I doubt it.

I don't fault Tres for this. We needed to get the hotfix out in a hurry. Do I think Tres should have to write tests for this? After he plugged a hole in something he didn't want included in the first place? Heck no.

>>>> BTW, I suspect that a less violent patch could be created, if anyone wants to champion TTW reStructuredText support in Zope 2. Personally, I'm for dropping it.
>>> Tres' patch is looking fine to me. I don't see a need right now for dropping reST with having file inclusion *removed*.
>> Has anyone written tests for Tres' patch? Apparently no one wrote adequate tests for the last hot fix, which helped put us in this situation.
>> I'm not opposed to keeping TTW reST if *someone takes responsibility* for it. I don't see this happening. If someone cares enough about TTW reST to stand behind it and properly address the security risks by writing tests, then great.
> There is currently little need to break this over the knee. We have a hotfix, we have a stripped down version of Docutils. We have some time until the next releases. Perhaps nobody had time so far (at least me) for writing further tests..that does not mean that nobody takes responsibility. If we would rip off everything from Zope 2 where nobody takes over responsibility, what would be left?
> In addition I don't see a big problem for Zope-only(!) apps. Using reST in Zope requires access to the ZMI which is in general available only to trusted users. Removing TTW-editing of reST in Zope does *not* solve any problem e.g. for Plone where reST can be edited through the Plone UI by usually untrusted users. It is *our* task to make reST (basically Docutils) secure enough. It's safe enough for Zope-only apps but I agree that the Docutils code and the "hotfix" require some more testing and review.
>> Otherwise it has to go.
> No :-)

Wrong. Sorry, I'll invoke Pope if I have to. I'm not talking about 2.9 and earlier, but if no one takes responsibility for this feature, we'll rip it out of 2.10.

>> It reflects a sorry, but perhaps sadly accurate, view of the community's commitment to quality. :(
> Sorry, I've no idea what you mean with this remark.

Tres came up with this sledge hammer because he has no confidence in people's willingness to test and implement this feature properly. Sadly, he has good evidence for this point of view.

Jim
Re: [Zope-dev] 2.9.4? reStructuredText support?
--On 8 July 2006 07:45:01 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
> On Jul 8, 2006, at 1:11 AM, Andreas Jung wrote:
>> --On 7 July 2006 11:03:06 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
>>> I think we should do a 2.9.4 release to incorporate the recent hot fix. This is easy for me to say, since I won't be doing it. :)
>>> Because this recent fix actually fixed the same problem that the previous hot fix was supposed to fix, I think someone needs to work up some decent tests. This is not a trivial task, but it is necessary. If no one is willing to do this, I think we need to drop the TTW reStructuredText support from Zope 2, as it is too great a risk.
>> Dropping TTW reST is absolutely not an option. It breaks backward compatibility.
> Sorry, security trumps backward compatibility.

Only if there is no other option. Tres' patch seems to resolve this issue and with further testing there is no need to remove the functionality.

>>> BTW, I suspect that a less violent patch could be created, if anyone wants to champion TTW reStructuredText support in Zope 2. Personally, I'm for dropping it.
>> Tres' patch is looking fine to me. I don't see a need right now for dropping reST with having file inclusion *removed*.
> Has anyone written tests for Tres' patch? Apparently no one wrote adequate tests for the last hot fix, which helped put us in this situation.
> I'm not opposed to keeping TTW reST if *someone takes responsibility* for it. I don't see this happening. If someone cares enough about TTW reST to stand behind it and properly address the security risks by writing tests, then great.

There is currently little need to break this over the knee. We have a hotfix, we have a stripped down version of Docutils. We have some time until the next releases. Perhaps nobody had time so far (at least me) for writing further tests..that does not mean that nobody takes responsibility. If we would rip off everything from Zope 2 where nobody takes over responsibility, what would be left?

In addition I don't see a big problem for Zope-only(!) apps. Using reST in Zope requires access to the ZMI which is in general available only to trusted users. Removing TTW-editing of reST in Zope does *not* solve any problem e.g. for Plone where reST can be edited through the Plone UI by usually untrusted users. It is *our* task to make reST (basically Docutils) secure enough. It's safe enough for Zope-only apps but I agree that the Docutils code and the "hotfix" require some more testing and review.

> Otherwise it has to go.

No :-)

> It reflects a sorry, but perhaps sadly accurate, view of the community's commitment to quality. :(

Sorry, I've no idea what you mean with this remark.

Andreas
Re: [Zope-dev] 2.9.4? reStructuredText support?
On Jul 8, 2006, at 1:11 AM, Andreas Jung wrote:
> --On 7 July 2006 11:03:06 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
>> I think we should do a 2.9.4 release to incorporate the recent hot fix. This is easy for me to say, since I won't be doing it. :)
>> Because this recent fix actually fixed the same problem that the previous hot fix was supposed to fix, I think someone needs to work up some decent tests. This is not a trivial task, but it is necessary. If no one is willing to do this, I think we need to drop the TTW reStructuredText support from Zope 2, as it is too great a risk.
> Dropping TTW reST is absolutely not an option. It breaks backward compatibility.

Sorry, security trumps backward compatibility.

>> BTW, I suspect that a less violent patch could be created, if anyone wants to champion TTW reStructuredText support in Zope 2. Personally, I'm for dropping it.
> Tres' patch is looking fine to me. I don't see a need right now for dropping reST with having file inclusion *removed*.

Has anyone written tests for Tres' patch? Apparently no one wrote adequate tests for the last hot fix, which helped put us in this situation.

I'm not opposed to keeping TTW reST if *someone takes responsibility* for it. I don't see this happening. If someone cares enough about TTW reST to stand behind it and properly address the security risks by writing tests, then great. Otherwise it has to go.

I also think Tres' patch was the right emergency measure, but I'm not so sure it is the right long-term fix.

It reflects a sorry, but perhaps sadly accurate, view of the community's commitment to quality. :(

Jim
Re: [Zope-dev] 2.9.4? reStructuredText support?
--On 7 July 2006 11:03:06 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
> I think we should do a 2.9.4 release to incorporate the recent hot fix. This is easy for me to say, since I won't be doing it. :)
> Because this recent fix actually fixed the same problem that the previous hot fix was supposed to fix, I think someone needs to work up some decent tests. This is not a trivial task, but it is necessary. If no one is willing to do this, I think we need to drop the TTW reStructuredText support from Zope 2, as it is too great a risk.

Dropping TTW reST is absolutely not an option. It breaks backward compatibility.

> BTW, I suspect that a less violent patch could be created, if anyone wants to champion TTW reStructuredText support in Zope 2. Personally, I'm for dropping it.

Tres' patch is looking fine to me. I don't see a need right now for dropping reST with having file inclusion *removed*.

-aj
Re: [Zope-dev] 2.9.4? reStructuredText support?
On Jul 7, 2006, at 12:17 PM, Stefan H. Holek wrote:
> Tres' patch (removing 'include' and 'raw' altogether) looks fairly low on violence to me. No reason to drop reST from Zope, IMO.

Well, I wouldn't want to apply the patch for Z3, as we use reST on the file system and include and raw have legitimate uses. In fact, I think include and maybe even include of "system" files could have use in some TTW applications. In fact, Tres' patch would make it hard for a well-written 3rd-party Zope 2 app to use raw in a legitimate way.

Don't get me wrong. I like Tres' patch. It was absolutely the best patch for the situation at hand.

Jim
Re: [Zope-dev] 2.9.4? reStructuredText support?
Tres' patch (removing 'include' and 'raw' altogether) looks fairly low on violence to me. No reason to drop reST from Zope, IMO.

Stefan

On 7. Jul 2006, at 17:03, Jim Fulton wrote:
> BTW, I suspect that a less violent patch could be created, if anyone wants to champion TTW reStructuredText support in Zope 2. Personally, I'm for dropping it.

--
Anything that, in happening, causes something else to happen, causes something else to happen. --Douglas Adams
Re: [Zope-dev] 2.9.4? reStructuredText support?
Jim Fulton wrote:
> BTW, I suspect that a less violent patch could be created, if anyone wants to champion TTW reStructuredText support in Zope 2. Personally, I'm for dropping it.

+1 on dropping it completely, but then I hate all types of structured text so I doubt I'm in the majority...

Chris

--
Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk