-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tres, I am afraid you seem to be the only one able to verify this. IIRC the security fix is yours as - of course - is CMF. ;-)


The CMF is not tied to one person. No one has "responsibility for all eternity" to fix it, even for no-longer-maintained versions.


I am ready to remove irrelevant combinations, but in this case I have been reluctant up to now because of the possible security implications.

CMF 1.4 is unmaintained. This has been known for a long time. Plone, as the largest "customer", prescribes specific Zope and CMF versions, which obviously have been tested ad infinitum. I don't see the value for continuing to automatically test combinations that are not used.

jens


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFFPhEMRAx5nvEhZLIRAgIoAJ4/UUgy/OIDoKiqb8vVhlAWQgWIsgCgidrg
lT6hgw8C8TepZE/1yhwcnqc=
=Xh5G
-----END PGP SIGNATURE-----
_______________________________________________
Zope-CMF maillist  -  Zope-CMF@lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests

Reply via email to