Hash: SHA1

nikhil wrote:
> Hi,
>> Philipp von Weitershausen <[EMAIL PROTECTED]> wrote:
>> He ported the Zope 3 libraries (zope.*). He also worked on the ZODB ina
>> a branch, but I see no sign of its merging. When compiling the ZODB with
>> Python 2.5, I still get loads of compiler warnings.
> I started working in ZODB initially. But that time Jim was working
> on the 3.8 branch. He noticed my branch and started working on
> Python2.5 support to his branch. We had a discussion on this, in
> which I also asked about using conditional compilation of C code
> to ensure backward compatibility.  He replied that it can be left for
> later consideration and its better to leave the warnings as it is for
> now. So as he also told that he will be looking the two remaining
> test failures, I deleted my branch without merging.

OK, cool.  Sorry I misrepresented your work.

>> Especially the difficult part, the untrusted code stuff in Zope 2,
>> hasn't been tackled at all.
> At present the tests are passing for RestrictedPython( for Zope2
> also).

Excellent, I didn't know that.

> Also I have been analyzing the new language features added and is
> trying to add new tests for checking this. But I haven't yet found any
> that will compromise the security and also I think the present tests
> mostly covers these. Please correct me if I am wrong.

This is the trickiest part of the task:  I'm glad you've got at least
part of it done.  Did you note which language features you reviewed, and
what your thoughts were, in the code or online somewhere?  That will
make it easier for those of us who have worked security analysis a bunch.

> Now as far as Zope2 is considered, although not a part of my project
> I will be looking into that too. But as far as I looked, it may
> require
> unavoidable C code changes and I would like to know the general
> opinion on conditional compilation (if no other option is present).

I'm pretty sure conditional compilation is going to be required, because
object laysut changed in incompatible ways.  We might be able to confine
most of that to a couple of macro definitions, though.

- --
Tres Seaver          +1 540-429-0999          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

Zope3-dev mailing list
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to