On Thu, Jan 22, 2009 at 10:38, Chris Withers <ch...@simplistix.co.uk> wrote:
>> Note that Jim never explained to me how he does these audits, but I gathered
>> some methods he used in conversations. I think I did a pretty thorough job
>> during the review.
>
> Yeah, this disturbs me a lot still though :-S

I know the feeling. :) I completely trust that Stephan did a good job if he thinks he did, but I would be happy if we could gather a bunch of smart people to spread the knowledge. Maybe a security review sprint at PyCon, or somesuch? I'd like to hang in a corner and suck up the smartness. :)

Or, I'd love to help in a sprint to move to security proxies. It's a major job of course, and the minimal job is to make proxies that replicate the current very complex and idiosyncratic Zope2 security. At least such a sprint should be able to locate any big problems and "impossibilities" so we can think of a path to fix that.

--
Lennart Regebro: Zope and Plone consulting.
http://www.colliberty.com/
+33 661 58 14 64
_______________________________________________
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )