[Zope-dev] Resolved security-related collector issues for the public?

Maik Jablonski maik.jablonski at uni-bielefeld.de
Wed Jan 21 15:20:32 EST 2004


Hi,

there were several security-related fixes in the collector (and the
collector-mailing-list) in the last days. Normaly security-related stuff is
not visible for the public... and this seems to be good to avoid exploits
etc.

Lots of security-stuff is fixed now, but I don't think that all people will
migrate their servers as soon as possible (due to limited time, the
experience of the Zope-2.6.3-"desaster", vacations, etc.pp.). 

With all the mentioned security-exploits in the collector out there, the
probability of attacks will rise. And I don't think that this will shed a
"good light" on Zope.

My proposal: Can we have a delay for making security-related fixes public?
Just a month or two or so...

Cheers, Maik






More information about the Zope-Dev mailing list