On Wednesday 21 January 2004 03:21 pm, Jamie Heilman wrote: > Hiding the bugs doesn't avoid anything, it just leaves zope > administrators helpless in the dark. I'm not going to rehash the > arguments for and against full dislosure, but seriously--don't delude > yourself into thinking that a problem goes away if you shut your eyes > tightly enough.
Hear, hear! Consider also the position of someone who writes their own product code -- if potential exploits are know to exist with specific Zope functionality, it may be desireable to make design changes to compensate. Or at least, we know to pass that information on to users of our products. Not knowing puts us in a very uncertain position -- which I think is far worse for Zope's reputation than any specific set of known defects. What's more, that reputation may rub off on the rest of us. ;-) "Uncertainty" is the "U" in "FUD", remember. Cheers, Terry _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )