--On 8. Juli 2006 10:16:30 -0400 Jim Fulton <[EMAIL PROTECTED]> wrote:
Yes, someone has to write the tests at some time, soon.Right. Before 2.10.
...so we have some time...
As I pointed out the risk is minimal for Zope-apps because you need to have access to the ZMI..No, it's not. Getting at arbitrary files is not acceptable from the ZMI.
...which won't be possible with *removed* file inclusion code...
so what are security concerns in this case? And file inclusion won't work if the related code is stripped off...so what are your security concerns in this case?I am concerned by the lack of tests. Whoever created the last hot fix was sure the problem was fixed. They were wrong and we're paying the price.
This can happen all the time. A problem in the release process does not justify the removal of a feature until we tried our best to solve the problem. Use the sledge hammer as a last resort.
You seem to be the only one championing TTW reST?I am only champion against crude removal of features and against and a shortsighted preception.That doesn't deserve an answer.
Sorry for being harsh but the lack of tests after two days is really not appropriate approach.
Are you unwilling to write the tests necessary to keep it?This is really not the point. As release manager I am allowed to speak up. But that does not imply I have to fix all and everything.Yes, it really is the point.
No, it is not. I haven't worked on the hotfix...so why would it be up to mewrite tests? I don't want blame Tres...he was doing his best in the situation...but this is totally unrelated that I would be unwilling to write tests in this case. I would have helped but it was late evening and at some point you need some sleep...
We've had a serious security failure due to a lack of adequate testing. This is not acceptable.
Description: PGP signature
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )