On Tue, 2 Apr 2002, Eron Lloyd wrote: > The problem here seems to be that you are trying to do XML-RPC communication > with a version of Zope that doesn't support XML-RPC out of the box. You
I think most people missed the point here. I don't think Rossen is asking for help on running zope or getting xml-rpc to work with it. He's observed a "security" problem: he believes the fact that a traceback including path names is included in the error response is a security exposure. This has been discussed on zope-dev before, but the fact remains that the security community *does* treat exposure of filesystem path information as a security issue. I believe the addition of the variable to control what happens with tracebacks addresses this issue from a security standpoint, which is probably all that Rossen cares about with regards to letting bugtraq know that "the security bug has been fixed". The fact that zope.org itself is still "insecure" in this sense may also be an issue, but not one that is going to get addressed before the new zope.org goes online. --RDM _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
