Thanks - I've marked these resolved. FYI I have a number of
other issues still to mark resolved - I'll be trying to work
through those today.
Brian Lloyd [EMAIL PROTECTED]
V.P. Engineering 540.361.1716
Zope Corporation http://www.zope.com
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Behalf Of Jamie Heilman
> Sent: Tuesday, January 20, 2004 12:16 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Zope-dev] post security update analysis
> Jamie Heilman wrote:
> > Now that we've reached closure on some of the outstanding security
> > issues in Zope there's a lot of stuff in the Collector that needs to
> > be revisited...
> > Brian Lloyd wrote:
> > > - Proxy rights on DTMLMethods transferred via acquisition
> > I believe this means issue #743 and issue #977 can be resolved now.
> > Actually, #977 already was rejected IIRC but its never been marked as
> > public which is rather irritating.
> I've verified that this is the case, #977 should be made public, and
> #743 can resolved.
> > > - Improper security assertions on DTMLDocument objects
> > probably fixes issue #865, but because Zope-HEAD doesn't actually run
> > right now, due to a myriad of other bugs, I actually haven't tested it
> I've tested this now, #865 can be resolved.
> Jamie Heilman http://audible.transient.net/~jamie/
> "...thats the metaphorical equivalent of flopping your wedding tackle
> into a lion's mouth and flicking his lovespuds with a wet towel, pure
> insanity..." -Rimmer
> Zope-Dev maillist - [EMAIL PROTECTED]
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope )
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -