Christian Tismer wrote: > If you compare Zope's bug paranoia with Python's, would you > say Zope is a bit less concerned, or there are not enough > people being concerned to get things resolved?
I don't really know, I don't follow Python all that closely. Though due cgi.py's usage of tempfile.py I set my TMPDIR to a directory only writable by my zope process owner, and I don't see that changing until python 2.3 though I haven't read over the rewrite. > Why I'm asking is simply because I'm concerned that there are > no bugtraq entries for Zope, and I don't buy that this comes > from Zope being bug-free. I don't think there's that many people actively auditing the source. All the bugs I've found haven't come from me looking for way a to do something malicious, they've come from me noticing bizzare behavior while trying to get something to work and just following up on it. > Maybe not enough people care about this, but if the hackers > also don't care, why should I :-) I don't know, why should you? I care because it used to be my job to care, now I can't seem to let the mentality go. -- Jamie Heilman http://audible.transient.net/~jamie/ "Most people wouldn't know music if it came up and bit them on the ass." -Frank Zappa _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )