On Jul 8, 2006, at 8:12 AM, Andreas Jung wrote:

--On 8. Juli 2006 07:45:01 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:

On Jul 8, 2006, at 1:11 AM, Andreas Jung wrote:

--On 7. Juli 2006 11:03:06 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:

I think we should do a 2.9.4 release to incorporate the recent hot
This is easy for me to say, since I won't be doing it. :)

Because this recent fix actually fixed the same problem that the
previous hot fix was supposed to fix, I think someone needs to
work up
some decent tests.  This is not a trivial task, bit it is
necessary.  If
no one is willing to do this, I think we need to drop the TTW
reStructuredText support from Zope 2, as it is too great a risk.

Dropping TTW reST is absolutely not an option. I breaks backward

Sorry, security trumps backward compatibility.

Only if there is no other option. Tres' patch seems to resolve this issue and with further testing there is no need to remove the functionality.

"Seems" isn't good enough. It's not even close.  The hot fix last fall
"seemed" to fix the problem. :(

Heck (I wanted to use another 4-letter-word, because I'm getting kinda
angry), even the current patch hasn't been adequately tested.  Michael
suggested that the patch needed to be tested against all recent Zope
versions. Has this been done? I don't think so. Do we even have *tests* that it works? I doubt it. I don't fault Tres for this. We needed to get the hotfix out in a hurry. Do I think Tres should have to write tests for this? After he plugged
a hole in something he didn't want included in the first place? Heck no.

BTW, I suspect that a less violent patch could be created, if
anyone wants to champion TTW reStructuedText support in
Zope 2.  Personally, I'm for dropping it.

Tres' patch is looking in fine to me. I don't see a need right now
for dropping reST with having file inclusing *removed*.

Has anyone written tests for Tres' patch?  Apparently no one wrote
adequate tests for the last hot fix, which helped put us in this

I'm not opposed to keeping TTW reST if *someone takes responsibility*
for it. I don't see this happening. If someone cares enough about TTW
to stand behind it and properly address the security risks by writing
then great.

There is currently litte need to break this over the knee. We have a hotfix, we have a stripped down version of Docutils. We have some time until the next releases. Perhaps nobody had time so far (at least me) for writing further tests..that does not mean that nobody takes responsibility. If we would rip of everything from Zope 2 where nobody takes over responsibility....what would be left?

In addition I don't see a big problem for Zope-only(!) apps. Using reST in Zope requires access to the ZMI which is in general available only to trusted users. Removing TTW-editing of reST in Zope does *not* solve any problem e.g. for Plone where reST can be edited through the Plone UI by usually untrusted users. It is *our* task to make reST (basically Docutils) secure enough. It's safe enough for Zope-only apps but I agree that the Docutils code and the "hotfix" requires some more testing and review.

Otherwise it has to go.

No :-)

Wrong. Sorry, I'll invoke Pope if I have to.

I'm not talking about 2.9 and earlier. but if no one takes responsibility
for this feature, wi'll rip it out of 2.10.

 It reflects a sorry, but  perhaps
accurate,  view of the community's commitment to quality. :(

Sorry, I've no idea what you mean with this remark.

Tres came up with this sledge hammer because he has no confidence
in people's willingness to test and implement this feature properly.
Sadly, he has good evidence for this point of view.


Jim Fulton                      mailto:[EMAIL PROTECTED]                Python 
CTO                             (540) 361-1714                  
Zope Corporation        http://www.zope.com             http://www.zope.org

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to