[Zope-Annce] Zope 2.13.23 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On behalf of the Zope Foundation and its members, I'm pleased to announce the 2.13.23 release of the Zope2 package: https://pypi.python.org/pypi/Zope2/2.13.23 One key feature is that Zope2 should now be installable via pip, e.g.: - From the changelog: - - Provide a pip-compatible ``requirements.txt`` file for the release. E.g.:: $ /path/to/venv/bin/pip install \ https://raw.githubusercontent.com/zopefoundation/Zope/2.13.23/requirements.txt - - LP #789863: Ensure that Request objects cannot be published / traversed directly via a URL. - - Issue #27: Fix publishing of ``ZPublisher.Iterators.IStreamIterator`` under WSGI. This interface does not have ``seek`` or ``tell``. Introduce ``ZPublisher.Iterators.IUnboundStreamIterator`` to support publishing iterators of unknown length under WSGI. - - Document running Zope as a WSGI application. See https://github.com/zopefoundation/Zope/issues/30 - - LP #1465432: Ensure that WSGIPublisher starts / ends interaction at request boundaries (analogous to ZPublisher). Backport from master. - - Fix: Queue additional warning filters at the beginning of the queue in order to allow overrides. - - Issue #16: prevent leaked connections when broken ``EndRequestEvent`` subscribers raise exceptions. - - LP #1387225: Zope 2.13.x w/ zope.browserpage 4.x doesn't start. - - LP #1387138: Zope 2.13.x w/ zope.pagetemplate 4.x doesn't start. - - LP #1386795: Fix ``zopectl start`` with zdaemon 3 and newer. - - Updated distributions: - - Acquisition = 2.13.9 - - DateTime = 2.12.8 - - Products.BTreeFolder2 = 2.13.5 - - Products.ExternalMethod = 2.13.1 - - Products.Mailhost = 2.13.2 - - Products.StandardCacheManagers = 2.13.1 - - ZConfig = 2.9.3 - - zLOG = 2.11.2 - - zope.dublincore = 3.7.1 - - zope.mkzeoinstance = 3.9.6 Tres. - -- ======= Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design" http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJVkazmAAoJEPKpaDSJE9HYKd4P+wRQqhyGpbok8PG5QegqhISU Qoyx35ppixD2PrwZU9iRe+dVSSasTF5F9QeC74HO95WMMfByAFGIYd1l0UTQTAA1 tEAsvc+2Uzj5ZlAC9ry+dF6oEHB6QiY56NJNxSMcCyUSJjk0PPHA26SnoxV8IXAg kwBZA6cmcA3x4Vj0UnNlVhWcMPKhQjXpthor0DIOPmkZJXpufk7uKmldUtAE1Jic NTySXsapT6CMKUM2bfEMDFgbx/qEE/yuhmnxRN5+GCLCBmYQG21IpoI5SUrFx8ip U9PWw96ckRGFAsfJD74Rxd2YciTqOeuOtzL7ohrnTSLA78arUBNBYxSHcKHvHCo8 5/f1PrcBJVX4Qac8BHBXrsMAcCczm8JmBlOMjj0dH/XL9lrgXbKQoyyPgH8Puqbm aJd3FSnmL+qvSlB4qHaK9gjHKRz7hOSjXZ2rqMrSX31Tsy8Pnp4sKSVidDGjz04Q 4nogyH3IJM7LLZGqmz1EmOsYzv0WF1t0sL4EM7gcrjhupokrQYMAsAnVtu6I9YIB VAHlHbaVFnQMibyboWf4xi35vlIi7bGBcBnzRqRo7oc/+wIqd8g5+f6RNGIAbp2A 3K4jsF40P/S+3dAZiZ24r529ftfspaUnvbOMjeSruxzIq5g6wAgQSsMrnctIBb6G qBpGLYYsoBejxtwstojh =01nf -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org https://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.org/mailman/listinfo/zope Developers: https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] REMINDER: 2013 Zope Foundation General Meeting in 45 minutes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/16/2013 11:41 AM, Tres Seaver wrote: > The Zope Foundation board is pleased to announce the regular 2013 > general meeting of the foundation will be held on Friday, 22 March > 2013, at 15:00 UTC. The meeting will be conducted via IRC at the > following channel: > > irc://irc.freenode.net/#zope-foundation > > As well as annual reports, the main agenda item will be the vote to > seat the newly-elected board.: > > - Godefroid Chapelle > > - Jim Fulton > > - Rob Page > > - Stephan Richter > > - Jeff Rush > > - Tres Seaver > > - Aroldo Souza-Leite > > I would ask foundation members to make every effort to be present at > the meeting, which should be relatively short. Agenda: http://foundation.zope.org/board/agendas/2013/agenda-agm-20130322 Tres. - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlFMaBEACgkQ+gerLs4ltQ4VsgCfU/g4wB630QwMLPvHXXZGktjt LwgAn2EW6QHXdty7IX9AnAJraAHoE4KC =M2B3 -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org https://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.org/mailman/listinfo/zope Developers: https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope-Annce] REMINDER: 2013 Zope Foundation General Meeting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/16/2013 11:41 AM, Tres Seaver wrote: > The Zope Foundation board is pleased to announce the regular 2013 > general meeting of the foundation will be held on Friday, 22 March > 2013, at 15:00 UTC. The meeting will be conducted via IRC at the > following channel: > > irc://irc.freenode.net/#zope-foundation > > As well as annual reports, the main agenda item will be the vote to > seat the newly-elected board.: > > - Godefroid Chapelle > > - Jim Fulton > > - Rob Page > > - Stephan Richter > > - Jeff Rush > > - Tres Seaver > > - Aroldo Souza-Leite > > I would ask foundation members to make every effort to be present at > the meeting, which should be relatively short. /me slaps himself. Of course it is the 22nd, or else I missed it. Tres. - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlFElVkACgkQ+gerLs4ltQ6evwCg0hXN9njpEwYZnGltZ0srx8Sj ZsEAoK95X1tLCK4dcDSlyZyLL4/EX8Mp =09wQ -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org https://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.org/mailman/listinfo/zope Developers: https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] REMINDER: 2013 Zope Foundation General Meeting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Zope Foundation board is pleased to announce the regular 2013 general meeting of the foundation will be held on Friday, 22 March 2013, at 15:00 UTC. The meeting will be conducted via IRC at the following channel: irc://irc.freenode.net/#zope-foundation As well as annual reports, the main agenda item will be the vote to seat the newly-elected board.: - - Godefroid Chapelle - - Jim Fulton - - Rob Page - - Stephan Richter - - Jeff Rush - - Tres Seaver - - Aroldo Souza-Leite I would ask foundation members to make every effort to be present at the meeting, which should be relatively short. Tres. - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlFEkr4ACgkQ+gerLs4ltQ7NcQCdGVJvfT0wT74S6nXgF2PA6WYJ YPMAoJ/Y2N78sOoDBa1wfeQX5mYr6Zik =FARn -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org https://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.org/mailman/listinfo/zope Developers: https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope-Annce] [ZF] Announcement: 2013 Zope Foundation Board Elections and General Meeting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/01/2013 11:19 AM, Tres Seaver wrote: > (please forgive the crosspost: we need this announcement to be read > as widely as possible). > > > The Zope Foundation board is pleased to announce the regular 2013 > general meeting of the foundation will be held on Friday, 22 March > 2013, at 15:00 UTC. The meeting will be conducted via IRC at the > following channel: > > irc://irc.freenode.net/#zope-foundation > > Prior to that meeting, the current board will conduct an elections in > which foundation members will select seven (7) board members in > accordance with the foundation bylaws[1]. > > > Summary --- > > - Nominations open via the foundat...@zope.org mailing list until > Friday, 2013-02-15. > > - Voting via e-mail to a closed mailing list, from Wednesday, > 2013-02-20 through Friday, 2013-03-08. > > - Votes tallied by representatives of the current board, using "Meek > and Warrent STV" method using OpenSTV software. > > - General meeting and seating of the new board, Friday, 2013-03-22. Because we did not have more nominations than seats, the Foundation board voted today in its regular monthly meeting to elide the elections process, and declare the following nominated candidates as elected by acclamation: - - Godefroid Chapelle - - Jim Fulton - - Rob Page - - Stephan Richter - - Jeff Rush - - Tres Seaver - - Aroldo Souza-Leite Voting to seat the new board is still on the agneda for the general meeting. Tres. - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlEmks0ACgkQ+gerLs4ltQ7CUwCbBnxumThetZGScg3KvwBAWaqj NiIAoLxOWCIuZS7BTkhm561uGWi61TA/ =9NTP -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org https://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.org/mailman/listinfo/zope Developers: https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] Announcement: 2013 Zope Foundation Board Elections and General Meeting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 (please forgive the crosspost: we need this announcement to be read as widely as possible). The Zope Foundation board is pleased to announce the regular 2013 general meeting of the foundation will be held on Friday, 22 March 2013, at 15:00 UTC. The meeting will be conducted via IRC at the following channel: irc://irc.freenode.net/#zope-foundation Prior to that meeting, the current board will conduct an elections in which foundation members will select seven (7) board members in accordance with the foundation bylaws[1]. Summary - --- - - Nominations open via the foundat...@zope.org mailing list until Friday, 2013-02-15. - - Voting via e-mail to a closed mailing list, from Wednesday, 2013-02-20 through Friday, 2013-03-08. - - Votes tallied by representatives of the current board, using "Meek and Warrent STV" method using OpenSTV software. - - General meeting and seating of the new board, Friday, 2013-03-22. Procedure for Elections - --- The procedure for the elections is as follows: - - Foundation members may nominate any member by responding to the board's announcment on the foundat...@zope.org maling list. Nominations will remain open until Friday, 2013-02-15, 23:00 UTC. - - At the close of the nominations period, the board will create a new mailman list, 'zf-elections-2013', and approve all ZF members to post to the list. In order to preserve anonymity of votes, foundation members will not be subscribers to the list; access to the list archives will be restricted to the "tellers" appointed by the board. - - On Wednesday, 2013-02-20, the Secretary will send an e-mail announcing the opening of the voting period. This email will contain the ballot, with careful instructions about how to rank preferences in the reply. The Reply-to header of this e-mail will be set to the 'zf-elections-2013' list. - - ZF members will vote by replying to that e-mail. Voting will remain open until Friday, 2013-03-08, 23:00 UTC. - - At the close of voting, the board will appoint two of its members as "tellers." The tellers will use the list archive to tabulate the members' votes, using the OpenSTV application[2] configured to use the Meek and Warren STV method[3]. The tellers will report the election results, along with the raw tallies, at a special board meeting to be held on Tuesday, 2013-03-20, 15:00 UTC. - - After canvassing the results from the tellers, the board will notify all nominees of the success / failure of their candidacy, thanking them for their willingness to serve. - - At the general meeting, the last item on the agenda will the announcement of the election results, including a vote to "seat" the board. An online version of this announcement is available at: http://foundation.zope.org/news/2013_election_and_general_meeting References - -- [1] http://foundation.zope.org/bylaws/zope_foundation_bylaws.pdf [2] http://stv.sourceforge.net/aboutopenstv [3] http://stv.sourceforge.net/votingmethods/meek Tres. - -- ======= Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlEL6ysACgkQ+gerLs4ltQ5dhACgxeeRpgLSMKjLuW5NLfwTM1Tz A7sAnAphPm/PKiNbJsvRSzpoKB9W66dy =U7sv -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org https://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.org/mailman/listinfo/zope Developers: https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] Announcement: 2012 Zope Foundation Board Elections and General Meeting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 (Apologies in advance for the cross-post: we need this to reach the whole Zope community). The Zope Foundation board is pleased to announce the regular 2012 general meeting of the foundation will be held on Friday, 16 March 2012, at 15:00 UTC. The meeting will be conducted via IRC at the following channel: irc://irc.freenode.net/#zope-foundation Prior to that meeting, the current board will conduct an elections in which foundation members will select seven (7) board members in accordance with the foundation bylaws[1]. Summary - --- - - Nominations open via the foundat...@zope.org mailing list until Friday, 2012-02-10. - - Voting via e-mail to a closed mailing list, from Wednesday, 2012-02-15 through Friday, 2012-03-02. - - Votes tallied by representatives of the current board, using "Meek and Warrent STV" method using OpenSTV software. - - General meeting and seating of the new board, Friday, 2012-03-16. Procedure for Elections - --- The procedure for the elections is as follows: - - Foundation members may nominate any member by responding to the board's announcment on the foundat...@zope.org maling list. Nominations will remain open until Friday, 2012-02-10, 23:00 UTC. - - At the close of the nominations period, the board will create a new mailman list, 'zf-elections-2012', and approve all ZF members to post to the list. In order to preserve anonymity of votes, foundation members will not be subscribers to the list; access to the list archives will be restricted to the "tellers" appointed by the board. - - On Wednesday, 2012-02-15, the Secretary will send an e-mail announcing the opening of the voting period. This email will contain the ballot, with careful instructions about how to rank preferences in the reply. The Reply-to header of this e-mail will be set to the 'zf-elections-2012' list. - - ZF members will vote by replying to that e-mail. Voting will remain open until Friday, 2012-03-02, 23:00 UTC. - - At the close of voting, the board will appoint two of its members as "tellers." The tellers will use the list archive to tabulate the members' votes, using the OpenSTV application[2] configured to use the Meek and Warren STV method[3]. The tellers will report the election results, along with the raw tallies, at a special board meeting to be held on Tuesday, 2012-03-13, 15:00 UTC. - - After canvassing the results from the tellers, the board will notify all nominees of the success / failure of their candidacy, thanking them for their willingness to serve. - - At the general meeting, the last item on the agenda will the announcement of the election results, including a vote to "seat" the board. An online version of this announcement is available at: http://foundation.zope.org/news/2012_election_and_general_meeting References - -- [1] http://foundation.zope.org/bylaws/zope_foundation_bylaws.pdf [2] http://stv.sourceforge.net/aboutopenstv [3] http://stv.sourceforge.net/votingmethods/meek Tres. - -- ======= Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8psnAACgkQ+gerLs4ltQ6l+ACglK1iWt6eq0z52Zojiq9n0id2 weoAnRs57WAoLtDLqyaBM/YdzkEMQ5Bv =1oDS -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org https://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.org/mailman/listinfo/zope Developers: https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] Annoucment: CVE-2010-1104, hotfix, Zope 2.12.22 and 2.13.12 releases
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Overview In response to the cross-site scripting vulnerability in Zope2 reported as 'CVE 2010-1104'[1], the Zope security response team announces the availablility of a hotfix product (for Zope < 2.12), and new releases for the Zope 2.12 and 2.13 lines: Hotfix: http://pypi.python.org/pypi/Products.Zope_Hotfix_CVE_2010_1104 Zope 2.12.22: http://pypi.python.org/pypi/Zope2/2.12.22 Zope 2.13.12: http://pypi.python.org/pypi/Zope2/2.13.12 WARNING: Zope < 2.12 is no longer officially supported, and may have other unpatched vulnerabilities. You are encouraged to upgrade to a supported Zope 2. Installing the Hotfix = The hotfix has been tested with Zope instances using Zope 2.8.x - 2.11.x. Users of Zope 2.12.x and 2.13.x should instead update to the latest corresponding minor revision, which already includes this fix. Download the tarball from the PyPI page: http://pypi.python.org/pypi/Products.Zope_Hotfix_CVE_2010_1104 Unpack the tarball and add a 'products' key to the 'etc/zope.conf' of your instance. E.g.:: products /path/to/Products.Zope_Hotfix_CVE_2010_1104/Products and restart. Alternatively, you may copy or symlink the 'Products' directory into the 'Products' subdirectory of your Zope instance. E.g.:: $ cp -r /path/to/Products.Zope_Hotfix_CVE_2010_1104/Products \ /path/to/instance/Products/ Verifying the Installation - -- After restarting the Zope instance, check the 'Control_Panel/Products' folder in the Zope Management Interface, e.g.: http://localhost:8080/Control_Panel/Products/manage_main You should see the 'Zope_Hotfix_CVE_2010_1104' product folder there. [1] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1104 Tres. - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8XSAYACgkQ+gerLs4ltQ4hNgCeIuBeZz2deF95lglP+kiGg66I YCAAnjiaDBpuB5XD0wAK7WHicxPp1abS =MsHo -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org https://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.org/mailman/listinfo/zope Developers: https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] Hotfix for security vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On behalf of the Zope security response team, I would like to announce
the availability of a hotfix for a vulnerability inadvertently
published earlier today.
'Products.Zope_Hotfix_20111024' README
==
Overview
-
This hotfix addresses a serious vulnerability in the Zope2
application server. Affected versions of Zope2 include:
- - 2.12.x <= 2.12.20
- - 2.13.x <= 2.13.6
Older releases (2.11.x, 2.10.x, etc.) are not vulnerable.
The Zope2 security response team recommends that all users of
these releases upgrade to an unaffected release (2.12.21 or
2.13.11) as soon as they become available.
Until that upgrade is feasible, deploying this hotfix also
mitigates the vulnerability.
Installing the Hotfix: Via 'easy_install'
- ---
If the Python which runs your Zope instance has 'setuptools'
installed (or is a 'virtualenv'), you can install the hotfix
directly from PyPI::
$ /prefix/bin/easy_install Products.Zope_Hotfix_20111024
and then restart the Zope instance, e.g.:
$ /path/to/instance/bin/zopectl restart
Installing the Hotfix: Via 'zc.buildout'
- -
If your Zope instance is managed via 'zc.buildout', you can
install the hotfix directly from PyPI. Edit the 'buildout.cfg'
file, adding "Products.Zope_Hotfix_20111024" to the "eggs"
section of the instance. E.g.::
[instance] recipe = plone.recipe.zope2instance #... eggs =
${buildout:eggs} Products.Zope_Hotfix_20111024
Next, re-run the buildout::
$ /path/to/buildout/bin/buildout
and then restart the Zope instance, e.g.:
$ /path/to/buildout/bin/instance restart
Installing the Hotfix: Manual Installation
- ---
You may also install this hotfix manually. Download the tarball from
the PyPI page:
http://pypi.python.org/pypi/Products.Zope_Hotfix_20111024
Unpack the tarball and add a 'products' key to the 'etc/zope.conf' of
your instance. E.g.::
products /path/to/Products.Zope_Hotfix_20111024/Products
and restart.
Verifying the Installation
- --
After restarting the Zope instance, check the
'Control_Panel/Products' folder in the Zope Management Interface,
e.g.:
http://localhost:8080/Control_Panel/Products/manage_main
You should see the 'Zope_Hotfix_20111024' product folder there.
Tres.
- --
===
Tres Seaver +1 540-429-0999 tsea...@palladion.com
Palladion Software "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6l3pQACgkQ+gerLs4ltQ66AgCfT1cd94LXzBtdzNiBqKXnGBIF
7dwAoISO0AkuvERn+cw4W0cPo82c5r+D
=xRBY
-END PGP SIGNATURE-
___
Zope-Announce maillist - Zope-Announce@zope.org
https://mail.zope.org/mailman/listinfo/zope-announce
Zope-Announce for Announcements only - no discussions
(Related lists -
Users: https://mail.zope.org/mailman/listinfo/zope
Developers: https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] Security vulnerabiity 20110928: Arbitrary Code Execution (pre-announcement)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Zope security response team is pre-announcing a fix for a vulnerability in Zope 2.12.x and Zope 2.13.x that allows execution of arbitrary code by anonymous users. This is a severe vulnerability that allows an unauthenticated attacker to employ a carefully crafted web request to execute arbitrary commands with the privileges of the Zope service. Versions Affected: Zope 2.12.x and Zope 2.13.x. Versions Not Affected: Zope 2.9.x, Zope 2.10.x, Zope 2.11.x This is a pre-announcement. Due to the severity of this issue we are providing an advance warning of an upcoming patch, which will be released 2011-10-04 15:00 UTC. What you should do in advance of patch availability === Due to the nature of the vulnerability, the security team has decided to pre-announce that a fix is upcoming before disclosing the details. This is to ensure that concerned users can plan around the release. As the fix being published will make the details of the vulnerability public, we are recommending that all users plan a maintenance window for 30 minutes either side of the announcement where your site is completely inaccessible in which to install the fix. Meanwhile, we STRONGLY recommend that you take the following steps to protect your site: - - Make sure that the Zope service is running with with minimum privileges. Ideally, the Zope and ZEO services should be able to write only to log and data directories. - - Use an intrusion detection system that monitors key system resources for unauthorized changes. - - Monitor your Zope, reverse-proxy request and system logs for unusual activity. In this case, these are standard precautions that should be employed on any production system. Extra help == Should you not have in-house server administrators or a service agreement looking after your website you can find consultancy companies on plone.net. There is also free support available online via Zope mailing lists and the #zope IRC channels. Questions and Answers = Q: When will the patch be made available? A: The Security Team will release the patch at 2011-10-04 15:00 UTC. Q. What will be involved in applying the patch? A. Patches are made available as tarball-style archives that may be unpacked into the “products” folder of a buildout installation and as Python packages that may be installed by editing a buildout configuration file and running buildout. Patching is generally easy and quick to accomplish. Q: How was this vulnerability found? A: This issue was found as part of a routine audit performed by the Plone Security team. Q: My site is highly visible and mission-critical. I hear the patch has already been developed. Can I get the fix before the release date? A: No. The patch will be made available to all users at the same time. There are no exceptions. Q: If the patch has been developed already, why isn't it already made available to the public? A: The Security Team is still testing the patch and running various scenarios thoroughly. The team is also making sure everybody has appropriate time to plan to patch their Zope installation(s). Some consultancy organizations have hundreds of sites to patch and need the extra time to coordinate their efforts with their clients. Q: How does one exploit the vulnerability? A: This information will not be made available until after the patch is made available. Q: Is there a CVE record for this vulnerability? A: Not yet. This information will be added when available. If you have specific questions about this vulnerability or its handling, contact the Zope Security Team, security-respo...@zope.org. To report potentially security-related issues, please send a mail to the Zope Security Team at security-respo...@zope.org. The security team is always happy to credit individuals and companies who make responsible disclosures. Information for vulnerability database maintainers == CVSS Base Score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:P/RL:O/RC:C) Impact Subscore 6.4 Exploitability Subscore 10 CVSS Temporal Score 5.9 Credit Alan Hoey Tres. - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6DlaMACgkQ+gerLs4ltQ7D+gCgz6WA6J44vxkhjnJGquBzCR33 nPgAn3cl0/do5VB+B6h9WmM22yIGOb7Z =/HcQ -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org https://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.org/mailman/listinfo/zope De
[Zope-Annce] PAS 1.5.5, 1.6.5, and 1.7.5 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have pushed out releases of PAS in order to address a potential security vulnerability reported by Alan Hoey: https://bugs.launchpad.net/zope-pas/+bug/789858 The releases are available on PyPI: http://pypi.python.org/pypi/Products.PluggableAuthService/1.5.5 http://pypi.python.org/pypi/Products.PluggableAuthService/1.6.5 http://pypi.python.org/pypi/Products.PluggableAuthService/1.7.5 If you cannot install one of these versions for some reason, the patch on the Launchpad should be applicable (with some fuzz) to any PAS version since 1.4. Tres. - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3j2PoACgkQ+gerLs4ltQ7yfQCgt+WJSObr8jaZTyGdvH8oTFOC R6gAoJtsVcJVsIIOjQptR/O2XARjfdIt =y9Pc -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org https://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.org/mailman/listinfo/zope Developers: https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] Announcement: 2011 Zope Foundation Board Elections and General Meeting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 (apologies in advance for the cross-post: we need this to reach the whole Zope community). The Zope Foundation board is pleased to announce that the regular 2011 general meeting of the foundation will be held on Wednesday, 16 March 2011, at 15:00 UTC. The meeting will be conducted via IRC at the following channel: irc://irc.freenode.net/#zope-foundation Prior to that meeting, the current board will conduct an elections in which foundation members will select seven (7) board members in accordance with the foundation bylaws[1]. Summary - --- - - Nominations open via the foundat...@zope.org mailing list until Friday, 2011-02-11. - - Voting via e-mail to a closed mailing list, from Wednesday, 2011-02-16 through Friday, 2011-03-04. - - Votes tallied by representatives of the current board, using "Meek and Warrent STV" method using OpenSTV software. - - General meeting and seating of the new board, Wednesday, 2011-03-16. Procedure for Elections - --- The procedure for the elections is as follows: - - Foundation members may nominate any member by responding to the board's announcement on the foundat...@zope.org mailing list. Nominations will remain open until Friday, 2011-02-11, 23:00 UTC. - - At the close of the nominations period, the board will create a new mailman list, 'zf-elections-2011', and approve all ZF members to post to the list.. In order to preserve anonymity of votes, foundation members will not be subscribers to the list; access to the list archives will be restricted to the "tellers" appointed by the board. - - On Wednesday, 2011-02-16, the Secretary will send an e-mail announcing the opening of the voting period. This e-mail will contain the ballot, with careful instructions about how to rank preferences in the reply. The Reply-to header of this e-mail will be set to the 'zf-elections-2011' list. - - ZF members will vote by replying to that e-mail. Voting will remain open until Friday, 2011-03-04, 23:00 UTC. - - At the close of voting, the board will appoint two of its members as "tellers." The tellers will use the list archive to tabulate the members' votes, using the OpenSTV application[2] configured to use the Meek and Warren STV method[3]. The tellers will report the election results, along with the raw tallies, at a special board meeting to be held on Tuesday, 2011-03-15, 15:00 UTC. - - After canvassing the results from the tellers, the board will notify all nominees of the success / failure of their candidacy, thanking them for their willingness to serve. - - At the general meeting, the last item on the agenda will the announcement of the election results, including a vote to "seat" the board. An online version of this announcement is available at: http://foundation.zope.org/news/2011_election_and_general_meeting/ References - -- [1] http://foundation.zope.org/bylaws/zope_foundation_bylaws.pdf [2] http://stv.sourceforge.net/aboutopenstv [3] http://stv.sourceforge.net/votingmethods/meek Tres. - -- ======= Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1B8owACgkQ+gerLs4ltQ7OaACfSBCwcbLsELAk/n9eW0CblmMz UvcAn0a1hIhLiocRo8GG431ccPnzDK7/ =2p6F -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org https://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.org/mailman/listinfo/zope Developers: https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] Annoucement: Zope 2.10.12 and 2.11.7 Released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On behalf of Zope developer community I am pleased to announce the release of Zope 2.10.12 and Zope 2.11.7. You can download the source version of Zope 2.10.12 from http://www.zope.org/Products/Zope/2.10.12/ You can download the source version of Zope 2.11.7 from http://www.zope.org/Products/Zope/2.11.7/ These releases fix a bug which could be exploited to create a denial-of-service in certain non-default configurations of Zope (CVE-2010-3198). All users of earlier 2.10.x and 2.11.x versions of Zope should upgrade to the corresponding version. For more information on what is new in this release, see the changelogs: - - http://www.zope.org/Products/Zope/2.10.12/CHANGES.txt - - http://www.zope.org/Products/Zope/2.11.7/CHANGES.txt Note: Zope 2.10 and 2.11 require Python 2.4.5 or higher (Python 2.4.4 is still acceptable). Older Python versions are no longer supported. Python 2.5 and later are not supported. Tres. - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkx+m9IACgkQ+gerLs4ltQ4o3wCfZQphgGqgvL1PMnx3irlUTRfc rtkAoLIwWyvnpo6btD+LGbf9EgM7bWfO =pM3B -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org https://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.org/mailman/listinfo/zope Developers: https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] [ZF] Announcement: 2010 Zope Foundation Board Elections and General Meeting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 (apologies in advance for the cross-post: we need this to reach the whole Zope community). The Zope Foundation board is pleased to announce the regular 2010 general meeting of the foundation will be held on Wednesday, 24 February 2010, at 17:00 UTC. The meeting will be conducted via IRC at the following channel: irc://irc.freenode.net/#zope-foundation Prior to that meeting, the current board will conduct an elections in which foundation members will select seven (7) board members in accordance with the foundation bylaws[1]. Summary - --- - - Nominations open via the foundat...@zope.org mailing list until Friday, 2010-01-29. - - Voting via e-mail to a closed mailing list, from Wednesday, 2010-02-03 through Friday, 2010-02-19. - - Votes tallied by representatives of the current board, using "Meek and Warrent STV" method using OpenSTV software. - - General meeting and seating of the new board, Wednesday, 2010-02-24. Procedure for Elections - --- The procedure for the elections is as follows: - - Foundation members may nominate any member by responding to the board's announcment on the foundat...@zope.org maling list. Nominations will remain open until Friday, 2010-01-29, 23:00 UTC. - - At the close of the nominations period, the board will create a new mailman list, 'zf-elections-2010', and approve all ZF members to post to the list.. In order to preserve anonymity of votes, foundation members will not be subscribers to the list; access to the list archives will be restricted to the "tellers" appointed by the board. - - On Wednesday, 2010-02-03, the Secretary will send an e-mail announcing the opening of the voting period. This email will contain the ballot, with careful instructions about how to rank preferences in the reply. The Reply-to header of this e-mail will be set to the 'zf-elections-2010' list. - - ZF members will vote by replying to that e-mail. Voting will remain open until Friday, 2010-02-19, 23:00 UTC. - - At the close of voting, the board will appoint two of its members as "tellers." The tellers will use the list archive to tabulate the members' votes, using the OpenSTV application[2] configured to use the Meek and Warren STV method[3]. The tellers will report the election results, along with the raw tallies, at a special board meeting to be held on Tuesday, 2009-02-23, 15:00 UTC. - - After canvassing the results from the tellers, the board will notify all nominees of the success / failure of their candidacy, thanking them for their willingness to serve. - - At the general meeting, the last item on the agenda will the announcement of the election results, including a vote to "seat" the board. An online version of this announcement is available at: http://foundation.zope.org/news/2010_election_and_general_meeting/ References - -- [1] http://foundation.zope.org/bylaws/zope_foundation_bylaws.pdf [2] http://stv.sourceforge.net/aboutopenstv [3] http://stv.sourceforge.net/votingmethods/meek Tres. - -- ======= Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAktZ3V8ACgkQ+gerLs4ltQ6sDQCfbV+M85FnxeiSypdy0WBHle1A 7+sAn2aZoP5pb0sqK4ir84d9rhm09HiO =urx1 -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org https://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.org/mailman/listinfo/zope Developers: https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] New Zope2 releases available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In order to address a potential cross-site scripting problem in Zope's fallback error message, we are releasing new versions of the 2.8, 2.9, 2.10, 2.11, and 2.12 release lines. The issue, reported by the Plone team, could be triggered by a combination of a broken 'standard_error_message' template, plus an error whose 'str' contained markup. Although the 2.8, 2.9, and 2.10 branches are formally "out-of- maintenance", they are still in very wide use. the Zope security response team decided to release versions for those branches, in addition to the 2.11 and 2.12 branches which are still being supported under normal policy. Releases are available here: - - "Zope 2.8.12", http://www.zope.org/Products/Zope/2.8.12 - - "Zope 2.9.12", http://www.zope.org/Products/Zope/2.9.12 - - "Zope 2.10.11", http://www.zope.org/Products/Zope/2.10.22 - - "Zope 2.11.6", http://www.zope.org/Products/Zope/2.11.6 - - "Zope 2.12.3", http://pypi.zope.org/pypi/Zope2/2.12.3 Please note that the 2.12 releases are made only on the Python Package Index server, aka "PyPI" or "the Cheeseshop." Tres. - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAktNPJYACgkQ+gerLs4ltQ6P1QCeJk6B+kIz9tXmN2oGYxFh1HuT WTIAoKevoMU9XOLmTJgpiRuLk7dHZnZv =PrpY -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org https://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: https://mail.zope.org/mailman/listinfo/zope Developers: https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] (REMINDER) Updated e-mail addresses due this week
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 (Please forgive the crosspost, and follow up to me directly with questions, rather than CC'ing the lists). In order to complete the transition of copyrights from Zope Corporation to the Zope Foundation, we need to refresh all committer agreements, and therefore need to be able to reach all committers via a valid e-mail address. If you have ever made a checkin to the the Zope CVS or subversion repositories, please verify that your profile information on www.zope.org is up to date (the e-mail address, in particular). The Zope Foundation board will be sending out a request for the new forms within the next week: committers who do not make a timely reply to that request will have their checkin access suspended until they complete the form. If you know a committer who is unlikely to receive this e-mail via one of the cross-posted lists, please forward this e-mail to them Thank you for your cooperation, and for your continued support of Zope! Tres. - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFKFBUK+gerLs4ltQ4RAhcoAKCx2v+rVe7i8mNy991CesILn9Xq6gCfePKa zCxBX/6d6a6DvUO1Jh+cdnU= =n4Cc -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org http://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: http://mail.zope.org/mailman/listinfo/zope Developers: http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope-Annce] Zope 2.10.8 and Zope 2.11.3 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Jung wrote: > Hi all, > > on behalf of Zope developer community I am pleased to announce > the release of Zope 2.10.8 and Zope 2.11.3. > > You can find the sources and release information at > > http://www.zope.org/Products/Zope/2.11.8 Just for clarity: the URL for Zope 2.10.8 is: http://www.zope.org/Products/Zope/2.10.8 > http://www.zope.org/Products/Zope/2.11.3 > > Please bring all the bugs you have found to the Zope bugtracker: > >https://bugs.launchpad.net/zope2 > > For more information on the available Zope releases, guidance for selecting > the right distribution and installation instructions, please see: > >http://www.plope.com/Books/2_7Edition/InstallingZope.stx > > Supported Python versions: > > Zope 2.10/2.11 require Python 2.4.5 (Python 2.4.4 is still acceptable). > Other Python versions are not supported. Tres. - -- ======= Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ/ETT+gerLs4ltQ4RAqqcAJ96U7nmy6GTcKkhRg3jChVf7mo3MQCffXE3 m9ew8jjZ97vev86Deg1Jegs= =ig0L -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org http://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: http://mail.zope.org/mailman/listinfo/zope Developers: http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] Request for updated e-mail addresses
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 (Please forgive the crosspost, and follow up to me directly with questions, rather than CC'ing the lists). In order to complete the transition of copyrights from Zope Corporation to the Zope Foundation, we need to refresh all committer agreements, and therefore need to be able to reach all committers via a valid e-mail address. If you have ever made a checkin to the the Zope CVS or subversion repositories, please verify that your profile information on www.zope.org is up to date (the e-mail address, in particular). The Zope Foundation board will be sending out a request for the new forms within the next month: committers who do not make a timely reply to that request will have their checkin access suspended until they complete the form. If you know a committer who is unlikely to receive this e-mail via one of the cross-posted lists, please forward this e-mail to them Thank you for your cooperation, and for your continued support of Zope! Tres. - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ8eCz+gerLs4ltQ4RAkk5AJ9Fh9Mm7IzHmBxHRgSRSvFat728GgCeMOr6 Kz94Hbg2KGZqpjtd1XCmBOk= =8gi4 -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org http://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: http://mail.zope.org/mailman/listinfo/zope Developers: http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] Announcing: Zope 4.0 project
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On behalf of the Zope community, I am pleased to announce the creation of the "Zope 4.0" project. After extensive discussion with the Zope wizards in conclave at PyCon 2009, the new project's website has been launched: http://zopefour.org/ Enjoy! Tres. - -- ======= Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ01VR+gerLs4ltQ4RAiljAKCACB9aMtI3YnsXPZss4hdEDrA7FACgsqv7 3jR6FQeEy0qpX4D4NOX+HsA= =q8Fu -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org http://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: http://mail.zope.org/mailman/listinfo/zope Developers: http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] Reminder: Zope Foundation annual meeting (Oct 31, 2007, 14:00 UTC)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Aroldo Souza-Leite wrote: > Zope Foundation > To the Membership at Large > > Call to the annual meeting. > > On behalf of the Zope Foundation Board of Directors, I call the Zope > Foundation members of all membership classes to the annual meeting on > > Wednesday, October 31, 2007 > at 14:00 UTC (please check local time zone) > > The meeting will take place on IRC. > > The newly elected Board of Directors will be seated at the annual > meeting. > > Zope Foundation members of all membership classes are expected to be > subscribed to the [EMAIL PROTECTED] mailing list. > > Further information and the meeting agenda will be sent to the > [EMAIL PROTECTED] mailing list in the course of the next three weeks. > > With best regards, > > Aroldo. > --- > Aroldo Souza-Leite > Zope Foundation, Inc > Board of Directors > Chairman Technical Notes === Time Zone in GMT - Please verify the time of the meeting in your own local time zone by selecting that zone on the following page and submitting the form: http://www.timezoneconverter.com/cgi-bin/tzc.tzc?use_current_datetime=0&month=10&day=31&year=2007&time=14:00:00&time_type=24hour&fromzone=GMT IRC Mechanics - - The meeting will be conducted on the following IRC channel: irc://irc.freenode.net/#zope-foundation Prior to the call-to-order, the chair will request that Foundation members present identify themselves by saying their full names on the channel. Between the call-to-order and adjournment, the channel will be moderated, with the chair recognizing speakers. Foundation Members who wish to be recognized by the chair, and therefore receive "voice" on the channel during the moderated segment, will need to authenticate with the Freenode NickServ; please see the following document on how to set up an authenticated nickname: http://freenode.net/faq.shtml#userregistration For the board, Tres. - -- === Tres Seaver +1 540-429-0999 [EMAIL PROTECTED] Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHJgFO+gerLs4ltQ4RAuwpAKCl0kE0iEcDRUcFlYANv9fMS2y5zwCePYCB 2VQtEBSsvnnJt74cn7ihku0= =tZz4 -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org http://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: http://mail.zope.org/mailman/listinfo/zope Developers: http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] Re: Grok 0.10.1 released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martijn Faassen wrote: > Hi there, > > 2007-10-10 - The Grok project is happy to release Grok 0.10.1! Grok > 0.10.1 is a bugfix release of Grok, and the first outcome of the > Neanderthal Grok sprint that was hosted by GfU Cyrus in Cologne, > Germany, last week. > > The sole aim of this release is to fix Grok's installation story. > Releases of Zope 3 components that Grok relied on had the tendency to > break Grok. Since Grok now uses a fixed list of versions it relies on, > this problem should now be solved. The grokproject tool has also been > updated to 0.6, and now automatically uses the version list feature. > > To update grokproject to 0.6, please type the following: > > $ easy_install -U grokproject > > For more information about this release, including instructions on how > to update existing buildouts to use the version list feature, see > here: > > http://grok.zope.org/releaseinfo/readme.html > > What is Grok? > - > > Grok: now even cavemen can use Zope 3 > > Grok is a web application framework based on Zope 3 technology. Grok > aims to make Zope 3 technology more easy to use for beginners and > experienced developers alike. > > More about Grok: http://grok.zope.org grokproject appears to be broken:: [/home/tseaver/tmp] $ python VE-trunk/virtualenv.py --no-site-packages gtest New python executable in gtest/bin/python Installing setuptoolsdone. [/home/tseaver/tmp] $ cd gtest/ [/home/tseaver/tmp/gtest] $ bin/easy_install grokproject Searching for grokproject Reading http://pypi.python.org/simple/grokproject/ Reading https://launchpad.net/grok Best match: grokproject 0.6 Downloading http://pypi.python.org/packages/source/g/grokproject/grokproject-0.6.tar.gz#md5=b4901c46bcf1f0682c762506cdc76c47 Processing grokproject-0.6.tar.gz Running grokproject-0.6/setup.py -q bdist_egg --dist-dir /tmp/easy_install-q39YBI/grokproject-0.6/egg-dist-tmp-2DPklW Adding grokproject 0.6 to easy-install.pth file Installing grokproject script to /home/tseaver/tmp/gtest/bin Installed /home/tseaver/tmp/gtest/lib/python2.5/site-packages/grokproject-0.6-py2.5.egg Processing dependencies for grokproject Searching for PasteScript>=1.3 Reading http://pypi.python.org/simple/PasteScript/ Reading http://pythonpaste.org/script/ Best match: PasteScript 1.3.6 Downloading http://pypi.python.org/packages/source/P/PasteScript/PasteScript-1.3.6.tar.gz#md5=6a79da14870f0bbe9c1f7d4d12912437 Processing PasteScript-1.3.6.tar.gz Running PasteScript-1.3.6/setup.py -q bdist_egg --dist-dir /tmp/easy_install-TEYY_4/PasteScript-1.3.6/egg-dist-tmp-v8tUrz Adding PasteScript 1.3.6 to easy-install.pth file Installing paster script to /home/tseaver/tmp/gtest/bin Installing paster script to /home/tseaver/tmp/gtest/bin Installed /home/tseaver/tmp/gtest/lib/python2.5/site-packages/PasteScript-1.3.6-py2.5.egg Searching for PasteDeploy Reading http://pypi.python.org/simple/PasteDeploy/ Reading http://pythonpaste.org/deploy/paste-deploy.html Reading http://pythonpaste.org/deploy/ Best match: PasteDeploy 1.3.1 Downloading http://pypi.python.org/packages/source/P/PasteDeploy/PasteDeploy-1.3.1.tar.gz#md5=a14b360b4ddb0d3ca7aa9bad41d6c91c Processing PasteDeploy-1.3.1.tar.gz Running PasteDeploy-1.3.1/setup.py -q bdist_egg --dist-dir /tmp/easy_install-Yb3hMF/PasteDeploy-1.3.1/egg-dist-tmp-OyRTGE warning: no files found matching 'docs/*.html' warning: no previously-included files found matching 'docs/rebuild' Adding PasteDeploy 1.3.1 to easy-install.pth file Installed /home/tseaver/tmp/gtest/lib/python2.5/site-packages/PasteDeploy-1.3.1-py2.5.egg Searching for Paste>=1.3 Reading http://pypi.python.org/simple/Paste/ Reading http://pythonpaste.org Best match: Paste 1.4.2 Downloading http://pypi.python.org/packages/source/P/Paste/Paste-1.4.2.tar.gz#md5=109bd6b0edd6de3a5ee5feaf42acd6aa Processing Paste-1.4.2.tar.gz Running Paste-1.4.2/setup.py -q bdist_egg --dist-dir /tmp/easy_install-jdPUJu/Paste-1.4.2/egg-dist-tmp-6pbNoK Adding Paste 1.4.2 to easy-install.pth file Installed /home/tseaver/tmp/gtest/lib/python2.5/site-packages/Paste-1.4.2-py2.5.egg Finished processing dependencies for grokproject [/home/tseaver/tmp/gtest] $ bin/grokproject mytest Enter module (Name of a demo Python module placed into the package) ['app.py']: Enter user (Name of an initial administrator user): zope Enter passwd (Password for the initial administrator user): r00ler Enter eggs_dir (Location where zc.buildout will look for and place packages) ['/home/tseaver/buildout-eggs']: Creating directory ./mytest Downloading zc.buildout... Invoking zc.buildout... While: Installing. Getting section app. Initializing section app. Installing recipe zc.zope3recipes>=0.5.3. Getting distribution for 'zc.zope3recipes==0.6b1'. Error: Couldn&#x
[Zope-Annce] CMF 1.6.4 Released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On behalf of the CMF developer community, I am pleased to announce the release of version 1.6.4 of the Zope Content Managment Framework (CMF). This is a bugfix release, and is a recommended upgrade for users running an earlier release of the CMF in the 1.6.x line. What is the CMF? The Zope Content Management Framework provides a set of services and content objects useful for building highly dynamic, content-oriented portal sites. The CMF provides the foundation for popular software packages such as Plone. It is intended to be easily customizable, in terms of both the types of content used and the policies and services it provides. Where do I get it? For release files, change logs, installation instructions and more please visit "http://www.zope.org/Products/CMF/CMF-1.6.4";, http://www.zope.org/Products/CMF/CMF-1.6.4. Roadmap and release information can be found at "http://www.zope.org/Products/CMF/docs/roadmap";, http://www.zope.org/Products/CMF/docs/roadmap. The CMF mailing list can be reached at the [EMAIL PROTECTED] address, to sign up please visit "http://mail.zope.org/mailman/listinfo/zope-cmf";, http://mail.zope.org/mailman/listinfo/zope-cmf. Please file bug reports, feature requests or suggestions in the CMF bug collector at "http://www.zope.org/Collectors/CMF";, http://www.zope.org/Collectors/CMF. What has changed since the last release? There were no changes from CMF 1.6.4-beta. Important changes in that release included: - Switched to using GenericSetup 1.2 final release (from 1.2-beta). - Used the property API to get the member specific skin, because direct attribute access won't work with PAS based membership. (http://dev.plone.org/plone/ticket/5904) - Add POST-only protections to security critical methods (see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0240). Tres. - -- ======= Tres Seaver +1 540-429-0999 [EMAIL PROTECTED] Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGSg9W+gerLs4ltQ4RAozkAJ9iF//m5BmUPRkyLMdzlhQuEBSh8wCeLIwp DfTP2RyyDVWTwiEFa3n9SIw= =t2Qr -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org http://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: http://mail.zope.org/mailman/listinfo/zope Developers: http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] CMF 1.6.4-beta released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The CMF developer community is hereby announcing the release of CMF version 1.6.3\4-beta. Barring any problems, the final version will be released in about a week. What is the CMF? The Zope Content Management Framework provides a set of services and content objects useful for building highly dynamic, content-oriented portal sites. The CMF provides the foundation for popular software packages such as Plone. It is intended to be easily customizable, in terms of both the types of content used and the policies and services it provides. Where do I get it? For release files, change logs, installation instructions and more please visit http://www.zope.org/Products/CMF/CMF-1.6.4-beta. Roadmap and release information can be found at http://www.zope.org/Products/CMF/docs/roadmap. The CMF mailing list can be reached at the [EMAIL PROTECTED] address, to sign up please visit http://mail.zope.org/mailman/listinfo/zope-cmf. Please file bug reports, feature requests or suggestions in the CMF bug collector at http://www.zope.org/Collectors/CMF . What has changed since the last release? Bug Fixes - Fixed test breakage / spew when running on Zope 2.8. - Use the property API to get the member specific skin, because direct attribute access won't work with PAS based membership. (http://dev.plone.org/plone/ticket/5904) - Add POST-only protections to security critical methods (see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0240). - Fixed DST-driven test breakage in CMFCalendar by adding an optional 'zone' argument to the DublineCore methods which return string renditions of date metadata. (http://www.zope.org/Collectors/CMF/476) Other Changes - Switch to using GenericSetup 1.2 final release (From 1.2beta). - -- ======= Tres Seaver +1 540-429-0999 [EMAIL PROTECTED] Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGL2hi+gerLs4ltQ4RAjZrAKDSGi1JKnUrzB/P2lUopB1m3vZN/wCg2vY0 ioPV/eSoYHpTDzNLKR0jeF4= =DxOc -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org http://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: http://mail.zope.org/mailman/listinfo/zope Developers: http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] Announcing the Release of Zope version 2.8.9.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On behalf of Zope Corporation and the Zope community I am pleased to announce the release of Zope 2.8.9.1. You can download the sources from "http://www.zope.org/Products/Zope/2.8.9.1/";, http://www.zope.org/Products/Zope/2.8.9.1 This bugfix release corrects a problem introduced in 2.8.9, which prevented starting Zope in "background" / "daemonized" mode. New features of Zope 2.8.x - ZODB 3.4 with MVCC (multi version concurrency control) support. MVCC solves nearly every problem with ZODB read-conflict errors which is very important for high-traffic Zope sites. - Extension Classes were rewritten as Python new-style classes making all features of Python new-style classes available in Zope objects. This includes support for cyclic garbage collection. - Integration of Zope 3 technologies through Five (see http://codespeak.net/z3/five/) More Information For more information on what is new in this release, see the CHANGES.txt files for the release: "http://www.zope.org/Products/Zope/2.8.9.1/CHANGES.txt";, http://www.zope.org/Products/Zope/2.8.9.1/CHANGES.txt See also: "http://www.zope.org/Wikis/DevSite/Projects/Zope2.8/OverView"; http://www.zope.org/Wikis/DevSite/Projects/Zope2.8/OverView For more information on the available Zope releases, guidance for selecting the right distribution and installation instructions, please see: "http://www.plope.com/Books/2_7Edition/InstallingZope.stx";, http://www.plope.com/Books/2_7Edition/InstallingZope.stx Reporting Bugs Please report all the bugs you have found to the Zope bugtracker: "http://collector.zope.org/Zope";, http://collector.zope.org/Zope Supported Python versions At this time the only **supported** and **recommended** Python versions are 2.3.5 and 2.3.6. Using Python 2.4.X is **not supported** and **not recommended** at this time. Python 2.4.X will be supported when a security audit takes place. This means that you are using Python 2.4 + Zope 2.8 at **your own risk**. This warning also applies to binary packages that install Zope packages ogether with a system wide Python 2.4 installation (e.g. Fedora, SuSE...). Such installations are in general not supported. In addition there some third-party products and Python packages that don't work with Python 2.4 and can cause trouble when using Python 2.4. - -- === Tres Seaver +1 540-429-0999 [EMAIL PROTECTED] Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGDCIL+gerLs4ltQ4RAjV8AJ4qc4gChSxhoDQC2E+l+5UbbTr2kgCgiDZf f23x570Y4wNvsWcS55QZ8+o= =CNr8 -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org http://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: http://mail.zope.org/mailman/listinfo/zope Developers: http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope-Annce] Zope 2.8.9, Zope 2.9.7, Zope 2.10.3 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marc Balmer wrote: > Andreas Jung wrote: > >> I uploaded corrected versions of the Zope 2.9.7 and 2.10.3 tar-balls. >> The tar-balls released yesterday contained a bug that caused >> a startup failure when using "zopectl start". > > don't do this again. Don't do what? I was about to agree, as I don't think re-releasing under the same version number was correct: the new releases should be 2.9.7.1, 2.10.3.1, or something similary (or bump to 2.9.8, 2.10.4). > this bug is so obvious to catch that I have some serious doubts about > your software testing process. are you releasing totally untested code? > can we trust your releases in the future, will you change sth in your > process? The testing that gets done is not done from "released" tarballs, but from subversion checkouts. This was a bug in the process that created the tarball from a checkout, and not in the underlying Zope software itself. I *think* it also affected only those who build and install Zope as root, although I can't tell for sure, since the tarballs have been replaced. At any rate, I *never* build, install, or run Zope as root, and hence would never have noticed the problem, even if I were doing the releases myself. > Releasing software as a security fix that does not even start makes you > look like a moron, I am sorry to say. Too harsh. Certainly nobody likes having released a "brown bagger", but mistakes do happen. Tres. - -- === Tres Seaver +1 540-429-0999 [EMAIL PROTECTED] Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGCDHa+gerLs4ltQ4RAqHbAJ9UvloqzCCj9NrCaGSeYZDfZduaJwCdFH5l ydlyxzoHGP7aNnVjG1IJClU= =6vHA -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org http://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: http://mail.zope.org/mailman/listinfo/zope Developers: http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] PluggableAuthService 1.4.1 Released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Announcing the release of version 1.4.1 of the PluggableAuthService (PAS) product. This is a bugfix release, and is a recommended upgrade for sites currently running PAS 1.4. Overview This product defines a fully-pluggable user folder, intended for use in all Zope sites. Documentation Please see the files under doc/ in the packaged software for more information, and consult the interfaces files under interfaces/ in the software package for PluggableAuthService and plugin APIs. Bugs Fixed - BasePlugin: The listInterfaces method only considered the old-style __implements__ machinery when determining interfaces provided by a plugin instance. - Made sure the emergency user via HTTP basic auth always wins, no matter how borken the plugin landscape. - ZODBUserManager: Already encrypted passwords were encrypted again in addUser and updateUserPassword (backported from trunk). (http://www.zope.org/Collectors/Zope/1926) More Information - Mailing list: http://lists.zope.org/mailman/listinfo/zope-pas/ - Collector: http://www.zope.org/Collectors/PAS/ - Subversion repository: http://svn.zope.org/PluggableAuthService/ Tres. - -- === Tres Seaver +1 540-429-0999 [EMAIL PROTECTED] Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFiFTs+gerLs4ltQ4RAoWqAJ47rKE/dAoEGnS062/UjHz/U9tUUwCg2JFE VoEhfGiw91hND9+M8oeuILU= =ED/v -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org http://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: http://mail.zope.org/mailman/listinfo/zope Developers: http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] PluggableAuthenticationService, version 1.4 Released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Announcement I'm pleased to announce that the final 1.4 version of the Zope PluggableAuthenticationService product is now available at: http://www.zope.org/Products/PluggableAuthService/PluggableAuthService-1.4 What is this thing? The PluggableAuthenticationService (PAS) is a mini-framework for extensible and configurable authentication, and authorization of users within Zope. What's New? This release includes a fix for Janko Hauser's issue #46, as well as some documentation cleanups. The major new feature in the 1.4 line is a new "Configured PAS" ZMI add list entry, which uses GenericSetup to create pre-configured user folders. Where do I learn more? - Please see CHANGES.txt for a complete change history. - Please report bugs to the PAS collector: http://www.zope.org/Collectors/PAS - The PAS mailing list, 'zope-pas@zope.org', is where the developers and users of PAS hang out. Tres. - -- ======= Tres Seaver +1 202-558-7113 [EMAIL PROTECTED] Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE872++gerLs4ltQ4RAknwAKC6xKHbtghDPOWnbfs0towbNFymywCgluDc hWs3K3EMgh+CtpgMupNxcfQ= =91SZ -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org http://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: http://mail.zope.org/mailman/listinfo/zope Developers: http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] Announcing the release of Zope version 2.8.8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Zope 2.8.8 Released On behalf of Zope Corporation and the Zope community I am pleased to announce the release of Zope 2.8.8. You can download the sources from "http://www.zope.org/Products/Zope/2.8.8/";, http://www.zope.org/Products/Zope/2.8.8 This bugfix release corrects the information exposure vulnerability addressed in the "2007/07/05 Hotfix.", http://www.zope.org/Products/Zope/Hotfix-2006-07-05 You may remove that hotvix product from your instances after upgrading to this version of Zope. New features of Zope 2.8.x - ZODB 3.4 with MVCC (multi version concurrency control) support. MVCC solves nearly every problem with ZODB read-conflict errors which is very important for high-traffic Zope sites. - Extension Classes were rewritten as Python new-style classes making all features of Python new-style classes available in Zope objects. This includes support for cyclic garbage collection. - Integration of Zope 3 technologies through Five (see http://codespeak.net/z3/five/) More Information For more information on what is new in this release, see the CHANGES.txt files for the release: "http://www.zope.org/Products/Zope/2.8.8/CHANGES.txt";, http://www.zope.org/Products/Zope/2.8.8/CHANGES.txt See also: "http://www.zope.org/Wikis/DevSite/Projects/Zope2.8/OverView"; http://www.zope.org/Wikis/DevSite/Projects/Zope2.8/OverView For more information on the available Zope releases, guidance for selecting the right distribution and installation instructions, please see: "http://www.plope.com/Books/2_7Edition/InstallingZope.stx";, http://www.plope.com/Books/2_7Edition/InstallingZope.stx Reporting Bugs Please report all the bugs you have found to the Zope bugtracker: "http://collector.zope.org/Zope";, http://collector.zope.org/Zope Supported Python versions At this time the only **supported** and **recommended** Python versions are 2.3.4 and 2.3.5. Using Python 2.4.X is **not supported** and **not recommended** at this time. Python 2.4.X will be supported when a security audit takes place. This means that you are using Python 2.4 + Zope 2.8 at **your own risk**. This warning also applies to binary packages that install Zope packages together with a system wide Python 2.4 installation (e.g. Fedora, SuSE...). Such installations are in general not supported. In addition there some third-party products and Python packages that don't work with Python 2.4 and can cause trouble when using Python 2.4. Tres. - -- ======= Tres Seaver +1 202-558-7113 [EMAIL PROTECTED] Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEuB6X+gerLs4ltQ4RAofcAJ9lX+PxqXvlOv8Dl8tnxq2H/NLACwCfW5zN h2S/BSncs4Vb3BNBVeydsv0= =uDd5 -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org http://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: http://mail.zope.org/mailman/listinfo/zope Developers: http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] Re: [ZF] Zope Foundation IRC - Reminder
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rob Page wrote: > I wanted to send a brief reminder about the upcoming > IRC to discuss the formation of the Zope Foundation. > Hope to see you there! > > o IRC: We have scheduled the following IRCs to > discuss the docs in real time: > > Who:Zope Community > What: IRC to discuss Zope Foundation formation > documents. > Where: #zope on irc.freenode.net > > When: #1: Fri, Dec 9, 730a - 9a (US/EST) > #2: Tue, Dec 20, 730a - 830a (US/EST) > > US/EST is GMT-5. In case list readers haven't seen it yet: Chris McDonough has a transcript of this morning's chat up at: http://plope.com/Members/chrism/foundation_dec9 BTW, I'm sorry I couldn't make it this morning: I was waiting to board a plane in Birmingham. Tres. - -- === Tres Seaver +1 202-558-7113 [EMAIL PROTECTED] Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDmmwo+gerLs4ltQ4RAg6lAKDH0wSeSdsP+uMKEBiPZDybR6pZLgCeL0qq ZLSvRDDhKWDC7J+mNMbmKw0= =kaMm -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org http://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: http://mail.zope.org/mailman/listinfo/zope Developers: http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] Re: [ANN] Zope 2.8.0 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Fred Drake wrote: > On 6/11/05, Andreas Jung <[EMAIL PROTECTED]> wrote: > >> Jim Fulton, Christian Theune, Tim Peters, Fred Drake Jr., Marc Hammond, >>Sidnei da Silva, Tres Seaver, Stefan Holek, Chris McDonough, > > > Don't forget that Andreas Jung character! This wouldn't have happened > without his persistence and dedication. > > Thanks, Andreas! Amen! Amen! Tres. - -- === Tres Seaver +1 202-558-7113 [EMAIL PROTECTED] Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCq3WS+gerLs4ltQ4RAixTAKC3yKPBIBEQEsxm6oEy9IPs4D3jdACfaJuZ ESeRs7Z4XT6aB5fwhaZV+Jo= =jlNd -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org http://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: http://mail.zope.org/mailman/listinfo/zope Developers: http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] (Security) Hotfix_20050405 Released (URL correction)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Overview Zope Corporation has released a Zope hotfix product addressing a potential vulnerability discovered during a recent security audit of Zope 2.7 and 2.8. Affected Versions The hotfix affects versions 2.7.5 and earlier of Zope on the 2.7 release line, as well as versions 2.8a1 and 2.8a2 on the upcoming 2.8 release line. The vulnerability will be resolved in versions 2.7.6 and 2.8b1. We recommend that any site which permits untrusted users to write PythonScripts apply this hotfix, and upgrade to a fixed version of Zope as it becomes available. Further Information Please see the "product README", http://www.zope.org/Products/Zope/Hotfix-2005-04-05/Hotfix-20050405/README.txt for details on the vulnerability, and for instructions on installing the hotfix. Downloading the Hotfix - "Unix tarball", http://www.zope.org/Products/Zope/Hotfix-2005-04-05/Hotfix-20050405/Hotfix_20050405.tar.gz - "Windows ZIP archive", http://www.zope.org/Products/Zope/Hotfix-2005-04-05/Hotfix-20050405/Hotfix_20050405.zip Apologies for the earlier typoed URLs. Tres Seaver. - -- ======= Tres Seaver[EMAIL PROTECTED] Zope Corporation "Zope Dealers" http://www.zope.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCUtIhGqWXf00rNCgRAitxAJ9Vualp5LLSrMQb1T799UWKa1UJoQCgmCJ2 EqH0Sj4RN0V8o1ldX6C1g90= =1lBU -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org http://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: http://mail.zope.org/mailman/listinfo/zope Developers: http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-Annce] (Security) Hotfix_20050405 Released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Overview Zope Corporation has released a Zope hotfix product addressing a potential vulnerability discovered during a recent security audit of Zope 2.7 and 2.8. Affected Versions The hotfix affects versions 2.7.5 and earlier of Zope on the 2.7 release line, as well as versions 2.8a1 and 2.8a2 on the upcoming 2.8 release line. The vulnerability will be resolved in versions 2.7.6 and 2.8b1. We recommend that any site which permits untrusted users to write PythonScripts apply this hotfix, and upgrade to a fixed version of Zope as it becomes available. Further Information Please see the "product README", http://www.zope.org/Products/Zope/Hotfix-2005-04-05/Hotfix-200405/README.txt for details on the vulnerability, and for instructions on installing the hotfix. Downloading the Hotfix - "Unix tarball", http://www.zope.org/Products/Zope/Hotfix-2005-04-05/Hotfix-200405/Hotfix_20050405.tar.gz - "Windows ZIP archive", http://www.zope.org/Products/Zope/Hotfix-2005-04-05/Hotfix-200405/Hotfix_20050405.zip Tres Seaver. - -- ======= Tres Seaver[EMAIL PROTECTED] Zope Corporation "Zope Dealers" http://www.zope.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCUsvGGqWXf00rNCgRAt3qAJ42sH4BIPP9+S1g+ZnpwS9YopcggQCfYnvw hXfT3SOxuL1y1adv5zmv3v8= =smRT -END PGP SIGNATURE- ___ Zope-Announce maillist - Zope-Announce@zope.org http://mail.zope.org/mailman/listinfo/zope-announce Zope-Announce for Announcements only - no discussions (Related lists - Users: http://mail.zope.org/mailman/listinfo/zope Developers: http://mail.zope.org/mailman/listinfo/zope-dev )
