On Jul 8, 2006, at 3:06 PM, Andreas Jung wrote:

No, it is not. I haven't worked on the hotfix...so why would it be
up to me to write tests?

It's not.  The person who *did* write the hot-fix didn't want the
feature in the first place.  Tres stepped up and helped us in an
emergency. I imagine that he isn't signing up to maintain the feature.

When you talk of "the feature"...you mean file inclusion? This feature was not supposed to be there. It was never a goal of reST to provide this feature. So Tres' solution (removing the code) is perfectly fine.

No, the feature I'm talking about is TTW reST. Because reST has a feature
that has to be turned off to be secure when processing text from
untrusted users, it requires special care.

There are a lot of modules where we don't want to take over the maintainer. The important thing is that we have clever ppl who understand the code and can deal with such problems in such a case.

We need a better chain of responsibility than that, especially when there is a known security threat.

See above...it's not a question of general responsibility...it's a question of taking over the responsibility for a particular problem in a particular situation...of course maintainers for modules are highly welcome...things are as they are in the Zope 2 world...

I don't agree.  Our current approach isn't working.


Jim Fulton                      mailto:[EMAIL PROTECTED]                Python 
CTO                             (540) 361-1714                  
Zope Corporation        http://www.zope.com             http://www.zope.org

Zope-Dev maillist  -  Zope-Dev@zope.org