Benji York wrote:
David Pratt wrote:
What about the idea of maintaining a text file in the distribution specific to possible security issues. Is this worth considering for historical purposes so they do not get lost over time or implicitly understood by only a handful of people.

Exactly. Any package that needs security-related things verified should have a test (doctest in a text file) describing the problem and verifying that it has been fixed.

I don't think we want a single file to hold them though, tests (including these) should normally live near the package that they test.

Ok this all makes perfect sense. The doctest is the right place for this for sure. Just took me a while to see that everthing was already there to deal with this as consistently as all other parts of zope3. It's all good :-)

Zope3-users mailing list

Reply via email to