Christian Theune wrote:
Am Mittwoch, den 30.11.2005, 15:52 +0100 schrieb Philipp von
Andreas Jung wrote:
Let's say it this way: it's safer than with Zope 2.8.3 but it is still not
From where I'm standing, with Zope 2.8.4 it's as safe as with Zope 2.9
(which actually *requires* Python 2.4...) So it is really just a label
we put on the 2.8 and 2.9 branches, in terms of the relevant code base
they're the same...
Statements like that are *dangerous*. The label is all that it is about.
It is against the possibility that although the likely relevant code
base is the same, there might be some minor minor minor switch that
makes everything burn.
I really can't figure out what your saying.
There are _several_ major linux distributions out there that already
ignore this label and shipped Zope with Python 2.4. It's not helpful to
argue them out of that if we don't care for the label ourselves.
Python 2.4 is not supported for current production Zopes. This
has been clearly stated for some time. We can't prevent people
from ignoring this and creating Zope distributions based on an
unsupported Python. People who release Zope for unsupported Python
releases are doing their users a disservice. In this case, there
was a reasonably serious security problem introduced by Python 2.4.
What Andreas is saying is that Python 2.4 still isn't supported
for Zope 2.8. This is different from a statement about a security
audit. The security audit evaluated and addressed issues arising
from a change from Python 2.3 to python 2.4. Zope 2.8.4 reflects
this. We still choose not to support Python 2.4 for Zope 2.8 because
there hasn't been any sort of test release cycle for Zope 2.8 with
Python 2.4. Zope 2.9 will go through such a cycle which will give us
at least some consequence.
Jim Fulton mailto:[EMAIL PROTECTED] Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -