On Jul 19, 2006, at 8:35 AM, David Pratt wrote:

Benji York wrote:
David Pratt wrote:
You are probably right but just the same I'd rather see the patched version for z3 also since I am certain this will become less obvious over time if it is left the way it is.
Instead of maintaining a fork of docutils, Zope 3 should (and may already, I haven't been keeping up with this issue) include tests to make sure we're using docutils appropriately. Best of both worlds: we have continued assurance we don't regress, and we don't have to maintain a fork/patches.

Hi Benji. Fair enough. What about the idea of maintaining a text file in the distribution specific to possible security issues. Is this worth considering for historical purposes so they do not get lost over time or implicitly understood by only a handful of people. Many thanks.

Docutils already provides such a document. It's there documenation. Whoever made reST available TTW didn't read it. Providing another document that people won't read won't help the situation. Whenever we reuse 3rd-party code or write, we need be aware of security issues.


Jim Fulton                      mailto:[EMAIL PROTECTED]                Python 
CTO                             (540) 361-1714                  
Zope Corporation        http://www.zope.com             http://www.zope.org

Zope3-users mailing list

Reply via email to