On Jul 8, 2006, at 3:34 PM, Tres Seaver wrote:
The monkeypatch in the hotfix *might* be defeated that way, sure. The
updated version of docutils I checked in will *not*, because it
file inclusion inside the source of the dangerous handlers.
Another possible fix would be to patch docutils to make the
configuration directive for file inclusion disabled by default; that
would allow a trusted module to enable them for a given parse, without
exposing the feature for untrusted code.
I like this.
I would feel better, if we choose to maintain a hacked docutils,
to rename it so that it remains possible for an add-on to use a non-
Also, if we maintain a hacked version, of course, we are taking extra
responsibility on ourselves.
You seem to be the only one championing TTW reST? Are you
write the tests necessary to keep it? If so, it's hard to have any
sympathy for your desire to keep it.
There are way too many uses of TTW documents out there "live" to just
rip it out, I think.
Unless we have much better maintenance of this feature than we've had
in the past, then we'll have no choice. Hopefully this will change.
Jim Fulton mailto:[EMAIL PROTECTED] Python
CTO (540) 361-1714
Zope Corporation http://www.zope.com http://www.zope.org
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -