[ZDP] Re: [Zope-dev] Zope Site back on track
Andy Dustman
adustman@comstar.net
Fri, 17 Sep 1999 15:16:58 -0400 (EDT)
On Fri, 17 Sep 1999, Michel Pelletier wrote:
> I would like to take this opertunity to remind everyone that PRIVATELY
> informing us of 'showstopper' security bugs is just good netiquette.
> This gives us an opportunity not only to analyze the problem and provide
> a quick fix (after all, it could just be *your* problem, and you'd be
> 'crying wolf'), it also prevents the widespread distribution of exploits
> before we have a chance to control the situation.
And I'll take this opportunity to apologize for blabbing about this to the
main list. At the time it occurred, I had no idea that it was a general
Zope problem; I assumed it was a permission problem in the site setup. In
fact, I didn't even expect the thing I tried to do what it did. Certainly
I never intended to disrupt the Zope website. If I had thought at the time
that it was a hole in Zope itself, I think I would have done things
differently, but hindsight is 20/20.
My bad, sorry. :(
--
andy dustman | programmer/analyst | comstar.net, inc.
telephone: 770.485.6025 / 706.549.7689 | icq: 32922760 | pgp: 0xc72f3f1d