Am 24.10.2006 um 15:11 schrieb Jens Vagelpohl:
Tres, I am afraid you seem to be the only one able to verify this.
IIRC the security fix is yours as - of course - is CMF. ;-)
The CMF is not tied to one person. No one has "responsibility for
all eternity" to fix it, even for no-longer-maintained versions.
Someone has to take decisions every now and then.
I am ready to remove irrelevant combinations, but in this case I
have been reluctant up to now because of the possible security
CMF 1.4 is unmaintained. This has been known for a long time.
Plone, as the largest "customer", prescribes specific Zope and CMF
versions, which obviously have been tested ad infinitum. I don't
see the value for continuing to automatically test combinations
that are not used.
Agreed, deprecate it and maybe consider introducing a process for
deprecation (as well as an easy way to check the version... wink)
Zope-CMF maillist - Zope-CMF@lists.zope.org
See http://collector.zope.org/CMF for bug reports and feature requests