[Zope] Zope 2.8.x and python security audit

Sven Deichmann deichmann at werkbank.com
Fri Jan 27 03:38:12 EST 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oh well... no news is not always good news. I could also mean that PHP
is much more popular and under more surveillance while python is only
good known to professional crackers...

The problem is, that in this usecase we won't be able to use Zope if
there is no official, independent security certificate for it.

Which could lead to such a certificate for Zope, but more likely to a
commercial CMS for which a certificate exists.

We are talking about a pharmaceutical company that is bound to
international regulations regarding software systems in such companies.
Especially all Interface functions have to be tested with every possible
input.


Regards,
Sven

Andreas Jung schrieb:
> 
> 
> --On 26. Januar 2006 10:13:35 +0100 Sven Deichmann
> <deichmann at werkbank.com> wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hello!
>>
>> I read on the german zope user group homepage, that Zope 2.8.4 is not
>> supported on python 2.4.x, because of the missing security audit.
>> That is good to know, but... who did the security audit for python
>> 2.3.x? Where can I read about that? What was done?
> 
> There was never an official protocol..the audit was executed at Zope
> Corporation (ask Jim Fulton for details). There were also some glitches
> with
> RestrictedPython that had to be fixed when switching to
> new Python version.
> 
>> (Where is the
>> protocol?)
> 
>> That is a nice argument why one should prefer
>> plone/zope/python over typo3/php, but only if we can prove that...
>>
> 
> I doubt that such an information matters much to _promote_ Zope & Co.
> The weekly bugs in PHP are self-explanatory :-)
> 
> -aj
> 
> 

- --
- ---------------------------------------------------------------
  Information nimmt Gestalt an... - <http://www.werkbank.com>
- ---------------------------------------------------------------
Werkbank Multimedia GmbH * Bergstrasse 152 * 44791 Bochum * GER
Fon: +49(0)234/ 935386-03  * Fax: 935386-06 * mail at werkbank.com
- ---------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkPZ2/QACgkQx3fK1szFYvmRNQCdGWTryfKGn/NMPpM2PRxjUqAn
6nQAn2sRSrlBRGKOGmXlJup0Guow9F1t
=lyKL
-----END PGP SIGNATURE-----

More information about the Zope mailing list