Re: [Zope] Zope 2.8.x and python security audit
Oh well... no news is not always good news. It could also mean that PHP is much more popular and under more surveillance while Python is only well known to professional crackers...

The problem is that in this use case we won't be able to use Zope if there is no official, independent security certificate for it. Which could lead to such a certificate for Zope, but more likely to a commercial CMS for which a certificate exists.

We are talking about a pharmaceutical company that is bound to international regulations regarding software systems in such companies. Especially all interface functions have to be tested with every possible input.

Regards,
Sven

Andreas Jung wrote:
> --On 26 January 2006 10:13:35 +0100 Sven Deichmann [EMAIL PROTECTED] wrote:
>
> > Hello!
> >
> > I read on the German Zope user group homepage that Zope 2.8.4 is not supported on Python 2.4.x because of the missing security audit. That is good to know, but... who did the security audit for Python 2.3.x? Where can I read about that? What was done?
>
> There was never an official protocol... the audit was executed at Zope Corporation (ask Jim Fulton for details). There were also some glitches with RestrictedPython that had to be fixed when switching to a new Python version.
>
> > (Where is the protocol?) That is a nice argument why one should prefer plone/zope/python over typo3/php, but only if we can prove that...
>
> I doubt that such information matters much to _promote_ Zope Co. The weekly bugs in PHP are self-explanatory :-)
>
> -aj

--
Information nimmt Gestalt an...
http://www.werkbank.com
Werkbank Multimedia GmbH * Bergstrasse 152 * 44791 Bochum * GER
Fon: +49(0)234/ 935386-03 * Fax: 935386-06 * [EMAIL PROTECTED]

___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope 2.8.x and python security audit
--On 27 January 2006 09:38:12 +0100 Sven Deichmann [EMAIL PROTECTED] wrote:

> Oh well... no news is not always good news. It could also mean that PHP is much more popular and under more surveillance while Python is only well known to professional crackers...
>
> The problem is that in this use case we won't be able to use Zope if there is no official, independent security certificate for it. Which could lead to such a certificate for Zope, but more likely to a commercial CMS for which a certificate exists.
>
> We are talking about a pharmaceutical company that is bound to international regulations regarding software systems in such companies. Especially all interface functions have to be tested with every possible input.

Then forget about Zope 2 and look at Z3. Zope 3 is currently on the way to be certified for the Common Criteria (hope this is the official name). You should look through the zope3-dev mailing list archive for details.

-aj
Re: [Zope] Zope 2.8.x and python security audit
Sven Deichmann wrote:
> Oh well... no news is not always good news. It could also mean that PHP is much more popular and under more surveillance while Python is only well known to professional crackers...
>
> The problem is that in this use case we won't be able to use Zope if there is no official, independent security certificate for it.

While I wonder who could possibly prove PHP or PHP based solutions secure in the meaning of secureness in Zope. ;)

Regards
Tino
Re: [Zope] Zope 2.8.x and python security audit
Well, actually secureness in this case has not really something to do with protection against attackers. It's more secureness in the sense of consistency and data security. The system has to be determined in every way and every step must be reversible and traceable. That is possible with PHP based solutions.

But PHP is not necessarily what I meant ;)

Regards,
Sven

Tino Wildenhain wrote:
> Sven Deichmann wrote:
>
> > Oh well... no news is not always good news. It could also mean that PHP is much more popular and under more surveillance while Python is only well known to professional crackers...
> >
> > The problem is that in this use case we won't be able to use Zope if there is no official, independent security certificate for it.
>
> While I wonder who could possibly prove PHP or PHP based solutions secure in the meaning of secureness in Zope. ;)
>
> Regards
> Tino
Re: [Zope] Zope 2.8.x and python security audit
Well. But when will that be? And when will Plone be ported to Z3? And when will Plone be certified? ;)

And after all: Is Z3 ready to use? :D

Sven

Andreas Jung wrote:
> --On 27 January 2006 09:38:12 +0100 Sven Deichmann [EMAIL PROTECTED] wrote:
>
> > Oh well... no news is not always good news. It could also mean that PHP is much more popular and under more surveillance while Python is only well known to professional crackers...
> >
> > The problem is that in this use case we won't be able to use Zope if there is no official, independent security certificate for it. Which could lead to such a certificate for Zope, but more likely to a commercial CMS for which a certificate exists.
> >
> > We are talking about a pharmaceutical company that is bound to international regulations regarding software systems in such companies. Especially all interface functions have to be tested with every possible input.
>
> Then forget about Zope 2 and look at Z3. Zope 3 is currently on the way to be certified for the Common Criteria (hope this is the official name). You should look through the zope3-dev mailing list archive for details.
>
> -aj
Re: [Zope] Zope 2.8.x and python security audit
--On 26 January 2006 10:13:35 +0100 Sven Deichmann [EMAIL PROTECTED] wrote:

> Hello!
>
> I read on the German Zope user group homepage that Zope 2.8.4 is not supported on Python 2.4.x because of the missing security audit. That is good to know, but... who did the security audit for Python 2.3.x? Where can I read about that? What was done?

There was never an official protocol... the audit was executed at Zope Corporation (ask Jim Fulton for details). There were also some glitches with RestrictedPython that had to be fixed when switching to a new Python version.

> (Where is the protocol?) That is a nice argument why one should prefer plone/zope/python over typo3/php, but only if we can prove that...

I doubt that such information matters much to _promote_ Zope Co. The weekly bugs in PHP are self-explanatory :-)

-aj