Christian Tismer wrote:
> If you compare Zope's bug paranoia with Python's, would you
> say Zope is a bit less concerned, or there are not enough
> people being concerned to get things resolved?

I don't really know, I don't follow Python all that closely.  Though
due's usage of I set my TMPDIR to a directory only
writable by my zope process owner, and I don't see that changing until
python 2.3 though I haven't read over the rewrite.
> Why I'm asking is simply because I'm concerned that there are
> no bugtraq entries for Zope, and I don't buy that this comes
> from Zope being bug-free.

I don't think there's that many people actively auditing the source.
All the bugs I've found haven't come from me looking for way a to do
something malicious, they've come from me noticing bizzare behavior
while trying to get something to work and just following up on it.

> Maybe not enough people care about this, but if the hackers
> also don't care, why should I :-)

I don't know, why should you?  I care because it used to be my job to
care, now I can't seem to let the mentality go.

Jamie Heilman         
"Most people wouldn't know music if it came up and bit them on the ass."
                                                        -Frank Zappa

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to