Benji York wrote:
David Pratt wrote:
What about the idea of maintaining a text file in the distribution
specific to possible security issues. Is this worth considering for
historical purposes so they do not get lost over time or implicitly
understood by only a handful of people.
Exactly. Any package that needs security-related things verified should
have a test (doctest in a text file) describing the problem and
verifying that it has been fixed.
I don't think we want a single file to hold them though, tests
(including these) should normally live near the package that they test.
Ok this all makes perfect sense. The doctest is the right place for this
for sure. Just took me a while to see that everthing was already there
to deal with this as consistently as all other parts of zope3. It's all
Zope3-users mailing list