--On 27. März 2008 20:42:50 +0200 Marius Gedminas <[EMAIL PROTECTED]> wrote:

On Wed, Mar 26, 2008 at 09:20:27PM +0100, Dieter Maurer wrote:
Timothy Selivanow wrote at 2008-3-25 17:12 -0700:
> ...
> Now when I say "rip out", I don't mean repackage (make a sub RPM), I
> mean remove from the RPM that I am making.  I don't want to provide a
> "new" Docutils.

That Zope ships with its own "Docutils" comes from the fact
that the standard one has a big security hole.

Which one?  The one that lets you embed any file on the filesystem into
a web page?


I didn't know Zope's bundled version of docutils fixed that.  In any
case, the src/docutils in the Zope 3.2 tree either doesn't have the fix,
or it doesn't work.  I tested it and ended up closing that hole in an
application myself.

At least Zope 2 uses Docutils with the related options disabled. No
idea about Zope 3.2.


Attachment: pgpK98dCDd36X.pgp
Description: PGP signature

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to