David Pratt wrote:
What about the idea of maintaining a text file in the distribution specific to possible security issues. Is this worth considering for historical purposes so they do not get lost over time or implicitly understood by only a handful of people.


Exactly. Any package that needs security-related things verified should have a test (doctest in a text file) describing the problem and verifying that it has been fixed.

I don't think we want a single file to hold them though, tests (including these) should normally live near the package that they test.
--
Benji York
Senior Software Engineer
Zope Corporation
_______________________________________________
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users

Reply via email to