[Zope-dev] Resolved security-related collector issues for the public?

T H hancock at earthlink.net
Thu Jan 22 01:04:53 EST 2004


On Wednesday 21 January 2004 03:21 pm, Jamie Heilman wrote:
> Hiding the bugs doesn't avoid anything, it just leaves Zope
> administrators helpless in the dark.  I'm not going to rehash the
> arguments for and against full disclosure, but seriously--don't delude
> yourself into thinking that a problem goes away if you shut your eyes
> tightly enough.

Hear, hear!

Consider also the position of someone who writes their own product
code -- if potential exploits are known to exist with specific Zope
functionality, it may be desirable to make design changes to
compensate.  Or at least, we know to pass that information on to
users of our products.  Not knowing puts us in a very uncertain
position -- which I think is far worse for Zope's reputation than any
specific set of known defects.  What's more, that reputation may
rub off on the rest of us. ;-)

"Uncertainty" is the "U" in "FUD", remember.

Cheers,
Terry


