On Thu, Jan 22, 2009 at 10:38, Chris Withers <ch...@simplistix.co.uk> wrote:
>> Note that Jim never explained to me how he does these audits, but I gathered
>> some methods he used in conversations. I think I did a pretty thorough job
>> during the review.
> Yeah, this disturbs me a lot still though :-S

I know the feeling. :) I completely trust that Stephan did a good job
if he thinks he did, but I would be happy if we could gather a bunch
of smart people to spread the knowledge. Maybe a security review
sprint at PyCon, or somesuch? I'd like to hang in a corner and suck up
the smartness. :)

Or, I'd love to help in a sprint to move to security proxies. It's a
major job of course, and the minimal job is to make proxies that
replicate the current very complex and idiosyncratic Zope2 security.
At least such a sprint should be able to locate any big problems and
"impossibilities" so we can think of a path to fix that.

Lennart Regebro: Zope and Plone consulting.
+33 661 58 14 64
Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to