On Fri, 23 Jan 2004 12:17:38 +0100
Dario Lopez-Kästen <[EMAIL PROTECTED]> wrote:

> Chris Withers wrote:
> > Hi,
> > 
> > Can anyone shed light on all of these? I know about some of them,
> > but this is quite a disturbingly long list...
> What is the current status of these issues? I am running a rather
> larges site with sensitive personal data.

They are fixed in the latest releases of Zope 2.6 and 2.7
> The decision to use Python/Zope instead of Java/uPortal is very much 
> debated by people whith power, and I am trying to protect the
> investment made in Zope.

The security vulnerabilities were not publically announced until new
versions of Zope were available that fixed them.
> I know, you get what you pay for etc, but I am struggling to keep Zope
> instead of having to  migrate to Java, and it is hard enouigh as it
> is. All this is politics, perception and logistics and has nothing to
> do with technical advantage.

Actually with Zope, I think you get a lot more than you pay for ;^) 
> Unfortunately I cannot help very much in resolving these issues since
> I am not knowledgeable enough to be able to help, but I would like to 
> follow the status of these issues, under NDA if need be.

The issues are already resolved. The only question is whether you can do
a timely upgrade to a fixed version.
> It is also a matter of taking steps to protect personal data.

Download a new version of Zope and test it out with a copy of your
application. Let us know if anything breaks.


Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to