On Thu, 2003-03-13 at 22:09, Jamie Heilman wrote: > Chris McDonough wrote: > > I'm wondering if you might consider applying for checkin privileges. > > I've considered it. I don't think you need anymore cooks, maybe just > a few more recipes.
We have many recipes already. > > The host header issue that you've uploaded several patches for is a > > bonafide problem for some users, but I think that most people with > > checkin privs feel that it isn't sufficiently dangerous to the majority > > of users to take the time out to review all of your patches and vouch > > for them via a checkin (this might take a day or so to do). > > Well then that either means I'm not explaining it well enough, or I'm > wrong, or something. What I'm shooting for is some discussion of the > issue, which to use bug 813 as an example, is why I asked for it to be > made public. Even after going into more explicit detail on the zope > list though I got exactly 0 followups, so I was starting to think > people just didn't really care all that much. Thankfully this thread > came along... It's not that people don't care, it's that there's a lot of work to do, a limited amount of time to do it in, and people have to choose carefully what they apply themselves to. I'm sure you can understand this. > > OTOH, if you could just check them in yourself, you would no longer > > feel disenfranchised. > > I don't actually feel disenfranchised, just confused as to what kind > of commitment to security ZC is making. Zope is an open source product, the collector issues make their way to many folks outside ZC as well. > My disapointment stems from > my lack of ability to get any feedback on the bugs I've submitted. > Its kinda happening now, but having to kick up dust to make it happen > is less than ideal. I'm not sure how else to help you. The bug reports are appreciated, but we need folks to do the work. > I'm also worried about the amount of reported bugs versus the activity > occuring to fix them. I understand many of them are probably "I did X > and Y crashed, and gosh I think it might be a security problem in Z." > without any analysis apart from random observation, which is sort of a > pain in the ass to deal with, but they aren't visible, and thus I > worry they aren't all like 493. (of which 494 is a public dupe <g>) Which is why we want more cooks. If you don't want checkin privs, that's ok, but you'll need to be more patient. - C _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )