Sebastien Douche a écrit : > On Wed, Mar 31, 2010 at 14:50, Marius Gedminas <[email protected]> wrote: >> Mostly I wanted to know if anybody was using the KGS in production and >> interested in a point release. > > Yes! :) > >> I'm especially interested in setuptools 0.6c11, since >> the KGS currently pins to 0.6c9, which doesn't support Subversion 1.6 >> checkouts. > > we use distribute w/o issue. > >> We use the 3.4 KGS in production with a few extra pins. Some fix >> important bugs: >> >> zope.app.component = 3.4.2 # very important bugfix for BBB >> ZODB3 = 3.8.4 # security fixes >> zope.sendmail = 3.5.1 # This version handles the 5xx errors >> zope.security = 3.4.2 # bugfixes for Python 2.5 >> setuptools = 0.6c11 > > our vendor KGS: > > lxml = 2.2.2 > tl.eggdeps = 0.4 > transaction = 1.0a1 > z3c.batching = 1.1.0 > z3c.contents = 0.5.0 > z3c.coverage = 1.1.3 > z3c.etestbrowser = 1.3.0 > z3c.evalexception = 2.0 > z3c.i18n = 0.1.1 > z3c.layer.minimal = 1.2.0 > z3c.layer.pagelet = 1.0.1
There is a big security issue on this package. You should update to 1.0.2 as soon as possible 1.0.2 (2009-04-03) --------------------- http://pypi.python.org/pypi/z3c.layer.pagelet/1.0.2 - **Security issue:** The traverser defined for ``IPageletBrowserLayer`` was a trusted adapter, so the security proxy got removed from each traversed object. Thus all sub-objects were publically accessable, too. Then have fun fixing all the security declaration. Everything seems easy with z3c.layer.pagelet 1.0.1 > z3c.profiler = 0.7.1 > z3c.recipe.compattest = 0.11 > z3c.recipe.depgraph = 0.4.0sa1 > z3c.recipe.i18n = 0.5.4 > z3c.recipe.paster = 0.5.0 > z3c.table = 0.6.0 > z3c.testsetup = 0.5.1 > zc.recipe.egg = 1.2.2 > zope.sqlalchemy = 0.4 > zope.testing = 3.8.3sa1 > > lxml, zope.testing & zope.etestbrowser are the most important update I guess. > >> * try to get a 3.4.1 release out of the door <-- this is where I'm >> fuzzy. I think I used to have ssh access to download.zope.org, but I >> don't even remember how you're supposed to use zope.release's bin/upload, >> and I never knew how the releases were made. > > it's simple: > - upload all eggs on the cheeseshop > - create the controled-packages.cfg. Example: > http://download.zope.org/zope3.4/3.4.0/controlled-packages.cfg > - generate the site with zope.kgs > > _______________________________________________ Zope-Dev maillist - [email protected] https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )
