On Wed, Mar 26, 2008 at 09:20:27PM +0100, Dieter Maurer wrote:
> Timothy Selivanow wrote at 2008-3-25 17:12 -0700:
> > ...
> >Now when I say "rip out", I don't mean repackage (make a sub RPM), I
> >mean remove from the RPM that I am making. I don't want to provide a
> >"new" Docutils.
>
> That Zope ships with its own "Docutils" comes from the fact
> that the standard one has a big security hole.
Which one? The one that lets you embed any file on the filesystem into a web page?

http://docutils.sourceforge.net/docs/howto/security.html

I didn't know Zope's bundled version of docutils fixed that. In any case, the src/docutils in the Zope 3.2 tree either doesn't have the fix, or it doesn't work. I tested it and ended up closing that hole in an application myself.

Marius Gedminas
--
Alan Turing thought about criteria to settle the question of whether machines can think, a question of which we now know that it is about as relevant as the question of whether submarines can swim.
        -- Dijkstra
_______________________________________________
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )
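Added example, not part of the original message and not the fix Marius applied: one way an application that renders untrusted reStructuredText can close the file-inclusion hole discussed above, using the `file_insertion_enabled` and `raw_enabled` settings from the linked Docutils security how-to. It assumes the `docutils` package is installed; `render`, `demo`, the settings dictionaries and the marker string are hypothetical names, and the "sensitive" file is a constructed temporary file.

```python
import io
import os
import tempfile

from docutils.core import publish_parts

MARKER = "CONSTRUCTED-SERVER-SIDE-MARKER"  # constructed stand-in for private file content

# Permissive values: directives may read files from the server's filesystem.
PERMISSIVE = {"file_insertion_enabled": True, "raw_enabled": True}
# Hardened values for untrusted input, as named in the Docutils security how-to.
HARDENED = {"file_insertion_enabled": False, "raw_enabled": False}


def render(rst_text, settings):
    """Render reStructuredText to an HTML body fragment with the given settings."""
    overrides = dict(settings)
    overrides["warning_stream"] = io.StringIO()  # keep docutils warnings off stderr
    parts = publish_parts(rst_text, writer_name="html", settings_overrides=overrides)
    return parts["html_body"]


def demo():
    """Return (permissive_html, hardened_html) for a constructed include attempt."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write(MARKER + "\n")
        path = fh.name
    try:
        # Constructed user submission that asks docutils to pull in a server-side file.
        untrusted = "User comment\n\n.. include:: %s\n" % path
        return render(untrusted, PERMISSIVE), render(untrusted, HARDENED)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    permissive_html, hardened_html = demo()
    print("permissive output contains file content:", MARKER in permissive_html)
    print("hardened output contains file content:  ", MARKER in hardened_html)
```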