On Wed, Mar 26, 2008 at 09:20:27PM +0100, Dieter Maurer wrote:
> Timothy Selivanow wrote at 2008-3-25 17:12 -0700:
> > ...
> >Now when I say "rip out", I don't mean repackage (make a sub RPM), I
> >mean remove from the RPM that I am making.  I don't want to provide a
> >"new" Docutils.
> That Zope ships with its own "Docutils" comes from the fact
> that the standard one has a big security hole.

Which one?  The one that lets you embed any file on the filesystem into
a web page?


I didn't know Zope's bundled version of docutils fixed that.  In any
case, the src/docutils in the Zope 3.2 tree either doesn't have the fix,
or it doesn't work.  I tested it and ended up closing that hole in an
application myself.

Marius Gedminas
Alan Turing thought about criteria to settle the question of whether
machines can think, a question of which we now know that it is about
as relevant as the question of whether submarines can swim.
                -- Dijkstra

Attachment: signature.asc
Description: Digital signature

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to