[Pkg-zope-developers] Re: zope2.7 security fix (bug 334055 )
A Mennucc
debdev at tonelli.sns.it
Mon Nov 21 08:57:48 UTC 2005
Hi joey, and thanks for working on this
On Sun, Nov 20, 2005 at 08:23:48AM +0100, Martin Schulze wrote:
>
> A Mennucc wrote:
> > I have (hopefully) fixed the bug 334055 that is a security alert....
>
> Thanks a lot!
>
> Do you have any idea about the state of this problem with regards to the
> zope version in woody?
as you noted in your following email , woody contains zope version 2.6 ;
we are aware that zope 2.6 has many problems (although I do not remember
by heart) and unfortunately fixing them is too difficult (zope.com
is not providing patches AFAIK)
> > Unfortunately all the above is source-only : I do not have here available
> > a clean pure Sarge or Etch build environment.
>
> I'll take care of it.
wonderful
BTW it seems that the new versioned BTS is not understanding that
334055 was fixed in sid but not in sarge... I now send a "found"
command, and see if this corrects the BTS!
> However, I discovered a problem:
>
> if language_code:
> settings['language_code'] = language_code
> + settings['language_code'] = language_code
> # starting level for <H> elements:
>
> I guess that this line shouldn't be included.
(eagle eye!) Yes you are right
> > Can I upload a source-only in stable-security and testing-security ?
>
> No. Source only uploads would fail when the packages try to reach the
> main archive. Additionally, binary-all is not autobuilt.
since no one was answering my email to security, I tried to upload,
and indeed it bounced.. :->
maybe it would be wise to allow source only uploads for security,
so that people on security at d.o may receive the proper sources
and binaries....
thanks again
a.
--
Andrea Mennucc
"Ukn ow,Ifina llyfixe dmysp acebar.ohwh atthef"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-zope-developers/attachments/20051121/b2733d6a/attachment.pgp
More information about the Pkg-zope-developers
mailing list