On Jul 19, 2006, at 8:35 AM, David Pratt wrote:
Benji York wrote:
David Pratt wrote:
You are probably right but just the same I'd rather see the
patched version for z3 also since I am certain this will become
less obvious over time if it is left the way it is.
Instead of maintaining a fork of docutils, Zope 3 should (and may
already, I haven't been keeping up with this issue) include tests
to make sure we're using docutils appropriately. Best of both
worlds: we have continued assurance we don't regress, and we don't
have to maintain a fork/patches.
Hi Benji. Fair enough. What about the idea of maintaining a text
file in the distribution specific to possible security issues. Is
this worth considering for historical purposes so they do not get
lost over time or implicitly understood by only a handful of
people. Many thanks.
Docutils already provides such a document. It's there documenation.
Whoever made reST available TTW didn't read it. Providing another
document that people won't read won't help the situation. Whenever
we reuse 3rd-party code or write, we need be aware of security issues.
Jim
--
Jim Fulton mailto:[EMAIL PROTECTED] Python
Powered!
CTO (540) 361-1714
http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
_______________________________________________
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users