[Zope-Coders] Towards 2.6

Florent Guillaume fg@nuxeo.com
16 Oct 2002 22:27:32 +0200 

Well, had there been a warning one day before the release of beta2, I'd
have put those changes in beta2... (at least the Unicode one).

<sigh>

Florent

On Wed, 2002-10-16 at 22:08, Brian Lloyd wrote:
> Florent (and Chris and Shane et. al.),
> 
> While I agree with the need to fix these things, the intent is 
> that there are no changes between final beta and final release.
> 
> These can go into a 2.6.1 to follow as soon after as it needs 
> to, but we really need to get this release out. As the person 
> who routinely gets beaten up both for the release taking too
> long _and_ for it failing to contain peoples pet fixes and changes 
> (sometimes in the same email!), I'm obligated to draw a line 
> at some point and get this thing out.
> 
> Please don't take that as being unappreciative of your efforts - 
> we just have to have a cutoff at some point.
> 
> 
> Brian Lloyd        brian@zope.com
> V.P. Engineering   540.361.1716              
> Zope Corporation   http://www.zope.com 
> 
>  
> 
> > -----Original Message-----
> > From: zope-coders-admin@zope.org [mailto:zope-coders-admin@zope.org]On
> > Behalf Of Florent Guillaume
> > Sent: Wednesday, October 16, 2002 12:08 PM
> > To: zope-coders@zope.org
> > Subject: [Zope-Coders] Towards 2.6
> > 
> > 
> > FYI here are the things I want to fix before 2.6 (b3 or final):
> > 
> > - Check in something fixing i18n and Unicode handling for the cases I
> >   outlined recently. There is too much legacy pages that won't be able
> >   to use Unicode at all otherwise. See the thread at
> >   http://lists.zope.org/pipermail/zope-coders/2002-September/002110.html
> >   for details.
> > 
> > - Fix all the unqualified <dtml-var foo> in the code that are potential
> >   XSS security bugs. I have a patch that does most of it, actually that
> >   removes 95% of the <dtml-var foo> to replace them by &dtml-foo;, which
> >   is the right thing in most cases. Note that it helps auditability a
> >   lot to be able to grep for '<dtml-var'.
> > 
> > - Maybe improve Catalog speed for CMF, see
> >   http://lists.zope.org/pipermail/zope-coders/2002-October/002210.html
> >   I understand it's better to code something in a branch to get feedback
> >   too, I'll do that.
> > 
> > Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87  http://nuxeo.com  mailto:fg@nuxeo.com