On Jul 8, 2006, at 3:06 PM, Andreas Jung wrote:
No, it is not. I haven't worked on the hotfix...so why would it be
up to me
write tests?
It's not. The person who *did* write the hot-fix didn't want the
feature in the first place. Tres stepped up and helped us in an
emergency. I imagine that he isn't signing up to maintaint the
feature.
When you talk of "the feature"...you mean file inclusion? This
feature was not supposed to be there. It was never a goal of reST
to provide this feature. So Tres' solution (removing the code) is
perfectly fine.
No, the feature I'm talking about is TTW reST. Because reST has a
feature
that has to be turned off to be secure when processing text from
untrusted users, it requires special care.
There are a lot of modules where we don't want to take over the
maintainer.
The important thing is that we have clever ppl who understand the
code and can deal with such problems in such a case.
We need a better chain of responsibility than that, especially when
there is a known security thread.
See above...it's not a question of general responsibility...it's a
question of taking over the responsibility for a particular problem
in particular
situation...of course maintainers for modules are highly
welcome...things are as they are in the Zope 2 world...
I don't agree. Our current approach isn't working.
Jim
--
Jim Fulton mailto:[EMAIL PROTECTED] Python
Powered!
CTO (540) 361-1714
http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
_______________________________________________
Zope-Dev maillist - [email protected]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
