Dieter Maurer wrote: > Adrian Hungate writes: > > .... > > > We should avoid sending the wrong > > > message by making a hotfix for every little thing. > > > > > > Shane > > > I'd like to second this. It was one of the contibuting factors in the > > decision of my former employers to opt for spectra instead of a Zope > > solution (That already existed!!). > I, in contrary, appreciate the openess and fast response with > respect to security problems. > > I do not install most hotfixes because the vulnerabilities do not > affect our sites but it is a good feeling that there are fast > fixes when this would be once the case.
In some way we need to make it clear that most hotfixes don't matter for most sites. A lot of hotfixes ensured that users who could write DTML couldn't get extra privileges. They really only mattered for sites like zope.org, where anyone with an email address is allowed to write code that will be executed directly on the server. But: 1) most Zope sites give a high level of trust to DTML authors anyway. There was no way to exploit most of the security holes without the ability to write DTML that runs on the server. 2) even a Zope administrator is still quite limited. In a standard setup, a Zope admin can't read/write arbitrary files or execute scripts. 3) Zope doesn't run as root. Even if someone found a way to get console access through a Zope admin account, they would have to exploit some other security hole to get root access. We need to make it clear that there are several layers of security, and only a single layer has ever had a problem AFAIK. Shane _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )