[Zope-dev] Zope Tests: 5 OK
Summary of messages to the zope-tests list. Period Mon Jun 9 11:00:00 2008 UTC to Tue Jun 10 11:00:00 2008 UTC. There were 5 messages: 5 from Zope Tests. Tests passed OK --- Subject: OK : Zope-2.8 Python-2.3.6 : Linux From: Zope Tests Date: Mon Jun 9 20:59:28 EDT 2008 URL: http://mail.zope.org/pipermail/zope-tests/2008-June/009680.html Subject: OK : Zope-2.9 Python-2.4.4 : Linux From: Zope Tests Date: Mon Jun 9 21:00:59 EDT 2008 URL: http://mail.zope.org/pipermail/zope-tests/2008-June/009681.html Subject: OK : Zope-2.10 Python-2.4.4 : Linux From: Zope Tests Date: Mon Jun 9 21:02:29 EDT 2008 URL: http://mail.zope.org/pipermail/zope-tests/2008-June/009682.html Subject: OK : Zope-2.11 Python-2.4.4 : Linux From: Zope Tests Date: Mon Jun 9 21:04:00 EDT 2008 URL: http://mail.zope.org/pipermail/zope-tests/2008-June/009683.html Subject: OK : Zope-trunk Python-2.4.4 : Linux From: Zope Tests Date: Mon Jun 9 21:05:30 EDT 2008 URL: http://mail.zope.org/pipermail/zope-tests/2008-June/009684.html ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] buildbot news: sending notifications and current broken builds
On Mon, Jun 09, 2008 at 05:46:54PM -0400, Benji York wrote: On Mon, Jun 9, 2008 at 5:41 PM, Marius Gedminas [EMAIL PROTECTED] wrote: This implies that buildbot keeps the state somewhere. Then it could also remember the message ID of the failure message and later, when the builder changes from a bad state to a good state, send another message, announcing the end of the failure, with an In-Reply-To header containing the previous message ID, for proper threading. That would be lovely. Indeed it would. I know I'm being cheap, but I was happy that buildbot is actually doing the majority of the work on its own. I should put a ticket to the buildbot people and ask them for that feature probably. Christian -- Christian Theune · [EMAIL PROTECTED] gocept gmbh co. kg · forsterstraße 29 · 06112 halle (saale) · germany http://gocept.com · tel +49 345 1229889 7 · fax +49 345 1229889 1 Zope and Plone consulting and development ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [Checkins] SVN: zc.buildout/trunk/ - Fixed wrong split when using the += and -= syntax (mustapha)
He modified an existing test to exercise this. Jim On Jun 10, 2008, at 7:56 AM, Benji York wrote: On Tue, Jun 10, 2008 at 4:59 AM, Andreas Jung [EMAIL PROTECTED] wrote: Log message for revision 87277: - Fixed wrong split when using the += and -= syntax (mustapha) I didn't see tests for this. Were they in a different commit that I missed? -- Benji York Senior Software Engineer Zope Corporation ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope ) -- Jim Fulton Zope Corporation ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] permission inheritance from conflicting groups
On Jun 9, 2008, at 9:38 PM, Daniel Blackburn wrote: It seems that there either may be an issue with Zope security or I do not understand it properly. Please let me know what you guys think. It seems you misunderstood it. Lets say we have a principal with no direct permissions or roles assigned to see a view index.html. The principal has two groups, group1 and group2. group1 allows the principal to see index.html and group2 denys access to index.html. It seems to me that in this situation of conflicting permissions a deny permission should result for the principal to the index view. However it does not, the permission will be digested into allowing the principal to have access to the view. Is this the desired behavior, or just simply overlooked. I looked in the doctests and did not see anything like this. Any feedback would be appreciated. Here's a scenario from the real world. You start working in a company. The security team puts you in a group of regular employees so that when you swipe you card at the card readers in front of each door you are allowed to rooms A, B, and C, but explicitly denied access to rooms D, E, and F. After a while you are promoted to a special team. The security team adds you to that group. Now when you swipe your card at the door D, the computer checks the following. - Read your employee ID from the card. - Get the groups that employee ID belongs to. - Regular employee group - Cannot access door D - Special team group - Can access door D - Employee ID belongs to at least one group that can access this door. - Open the door. The door F will be open only to a member of the security team (group). This is equivalent to the old times when they give you a key when you start working. That key does not let you in all rooms. After a while, you are promoted, which really means that you are in a special group. They give you another key. That one lets you in one more room. Can you access that room? Not with the first key. How about the second? ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [Checkins] SVN: zc.buildout/trunk/ - Fixed wrong split when using the += and -= syntax (mustapha)
On Tue, Jun 10, 2008 at 9:03 AM, Jim Fulton [EMAIL PROTECTED] wrote: He modified an existing test to exercise this. Cool! -- Benji York Senior Software Engineer Zope Corporation ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] permission inheritance from conflicting groups
On Tue, Jun 10, 2008 at 10:06 AM, Roger Ineichen [EMAIL PROTECTED] wrote: Hi Betreff: Re: [Zope-dev] permission inheritance from conflicting groups On Jun 9, 2008, at 9:38 PM, Daniel Blackburn wrote: It seems that there either may be an issue with Zope security or I do not understand it properly. Please let me know what you guys think. It seems you misunderstood it. Lets say we have a principal with no direct permissions or roles assigned to see a view index.html. The principal has two groups, group1 and group2. group1 allows the principal to see index.html and group2 denys access to index.html. It seems to me that in this situation of conflicting permissions a deny permission should result for the principal to the index view. However it does not, the permission will be digested into allowing the principal to have access to the view. Is this the desired behavior, or just simply overlooked. I looked in the doctests and did not see anything like this. Any feedback would be appreciated. Here's a scenario from the real world. You start working in a company. The security team puts you in a group of regular employees so that when you swipe you card at the card readers in front of each door you are allowed to rooms A, B, and C, but explicitly denied access to rooms D, E, and F. After a while you are promoted to a special team. The security team adds you to that group. Now when you swipe your card at the door D, the computer checks the following. - Read your employee ID from the card. - Get the groups that employee ID belongs to. - Regular employee group - Cannot access door D - Special team group - Can access door D - Employee ID belongs to at least one group that can access this door. - Open the door. The door F will be open only to a member of the security team (group). This is equivalent to the old times when they give you a key when you start working. That key does not let you in all rooms. After a while, you are promoted, which really means that you are in a special group. They give you another key. That one lets you in one more room. Can you access that room? Not with the first key. How about the second? I think this way too and can agree and yes, the zope securitpolicy acts this way by default. but... You can implement a custom securitypolicy which takes more care on deny settings. I think it's also valid for high secure systems that a deny is allways a deny. This means if you will get any deny from somewhere you will not be allowd to access it. The default policy makes it real hard to find out if some bad settings give access to the wrong users. But since we have the great security tool from Daniel it's no problem anymore to find out what's configured. Regards Roger Ineichen Thanks guys, I just wanted some clarification for the security tool as I was running through these edge cases with the demo. I am more of a default deny person myself as well. Thanks for the compliment Roger it nice to see someone using it. I have been procrastinating the Beta release but I think I will bite the bullet this week. ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] permission inheritance from conflicting groups
On Monday 09 June 2008, Daniel Blackburn wrote: It seems that there either may be an issue with Zope security or I do not understand it properly. Please let me know what you guys think. Lets say we have a principal with no direct permissions or roles assigned to see a view index.html. The principal has two groups, group1 and group2. group1 allows the principal to see index.html and group2 denys access to index.html. It seems to me that in this situation of conflicting permissions a deny permission should result for the principal to the index view. However it does not, the permission will be digested into allowing the principal to have access to the view. Is this the desired behavior, or just simply overlooked. I looked in the doctests and did not see anything like this. Any feedback would be appreciated. I would epxect the order of the groups to matter and simply the setting that is found last wins. This is a third possible behavior that mimics Python's inheritance behavior. Regards, Stephan -- Stephan Richter Web Software Design, Development and Training Google me. Zope Stephan Richter ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Restricted Python not handling slices correctly
On Thursday 05 June 2008, Shane Hathaway wrote: Are you in fact using RestrictedPython? The code snippet looks like it only uses a security proxy. RestrictedPython is a custom Python compiler; you're not using it unless your interactive Python prompt uses RestrictedPython to compile all expressions. You are right. The behavior you saw is exactly what happens when an object implements __getitem__ and __len__ but not __getslice__. If lp matches that description, and the length of lp is 2, then Python evaluates lp[-3:] as lp.__getitem__(slice(-1, 2147483647, None)). I wish Python would instead evaluate it as lp.__getitem__(slice(-3)), but maybe there are historical reasons for this. But this is still fine. the first index I got for lp is +1, not -1. I have tried to ready through the C code of Proxy. It clearly exposes __getslice__. See zope/proxy/_zope_proxy_proxy.c, line 630 and 746. Does anyone else have an idea? Regards, Stephan -- Stephan Richter Web Software Design, Development and Training Google me. Zope Stephan Richter ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] buildbot news: sending notifications and current broken builds
On Tue, Jun 10, 2008 at 12:35:17AM +0300, Marius Gedminas wrote: On Fri, Jun 06, 2008 at 09:34:30AM -0400, Gary Poster wrote: On Jun 6, 2008, at 8:37 AM, Benji York wrote: A suggestion: I'd like to have the tests run with --all. Heh, I was going to try and fix a time-out failure (zc.blist) by moving the intentionally long tests to --all...maybe there would be some way to say don't run me with --all? Otherwise don't love this idea, though I understand its point. There are two ways to avoid buildbot timeouts: * pass the -v option to the test runner (when buildout sees dots appearing it resets its timeout counter, and the dots themselves do not obscure errors in the log) * increase the buildbot timeout (pass timeout=60*60 to the step that runs the tests) I opted for using -v for now. We'll see how that goes. If even buildbot, who has the patience of a computer, is not running tests that take a long time, will anyone else ever run them? Exactly. Christian -- Christian Theune · [EMAIL PROTECTED] gocept gmbh co. kg · forsterstraße 29 · 06112 halle (saale) · germany http://gocept.com · tel +49 345 1229889 7 · fax +49 345 1229889 1 Zope and Plone consulting and development ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [Checkins] SVN: zc.sourcefactory/branches/0.3/buildout.cfg Move to more modern buildout setup. In library packages we really don't want
On Tue, Jun 10, 2008 at 10:42 AM, Christian Theune [EMAIL PROTECTED] wrote: Log message for revision 87286: Move to more modern buildout setup. In library packages we really don't want to fix all the versions. Actually, I think we do want to fix the versions, but using the KGS. -- Benji York Senior Software Engineer Zope Corporation ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] permission inheritance from conflicting groups
On Tue, Jun 10, 2008 at 9:34 AM, Stephan Richter [EMAIL PROTECTED] wrote: On Monday 09 June 2008, Daniel Blackburn wrote: It seems that there either may be an issue with Zope security or I do not understand it properly. Please let me know what you guys think. Lets say we have a principal with no direct permissions or roles assigned to see a view index.html. The principal has two groups, group1 and group2. group1 allows the principal to see index.html and group2 denys access to index.html. It seems to me that in this situation of conflicting permissions a deny permission should result for the principal to the index view. However it does not, the permission will be digested into allowing the principal to have access to the view. Is this the desired behavior, or just simply overlooked. I looked in the doctests and did not see anything like this. Any feedback would be appreciated. I would epxect the order of the groups to matter and simply the setting that is found last wins. This is a third possible behavior that mimics Python's inheritance behavior. The order seems to have no effect on the inheritance, I just ran the tests with two groups and toggled the permissions on each. ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [Checkins] SVN: zc.sourcefactory/branches/0.3/buildout.cfg Move to more modern buildout setup. In library packages we really don't want
On Tue, Jun 10, 2008 at 11:12:22AM -0400, Benji York wrote: On Tue, Jun 10, 2008 at 10:42 AM, Christian Theune [EMAIL PROTECTED] wrote: Log message for revision 87286: Move to more modern buildout setup. In library packages we really don't want to fix all the versions. Actually, I think we do want to fix the versions, but using the KGS. Maybe on a branch, but not on a trunk and not using a local implementation of `version=` ;) -- Christian Theune · [EMAIL PROTECTED] gocept gmbh co. kg · forsterstraße 29 · 06112 halle (saale) · germany http://gocept.com · tel +49 345 1229889 7 · fax +49 345 1229889 1 Zope and Plone consulting and development ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [Checkins] SVN: zc.sourcefactory/branches/0.3/buildout.cfg Move to more modern buildout setup. In library packages we really don't want
On Tue, Jun 10, 2008 at 11:34:45AM -0400, Benji York wrote: On Tue, Jun 10, 2008 at 11:21 AM, Christian Theune [EMAIL PROTECTED] wrote: On Tue, Jun 10, 2008 at 11:12:22AM -0400, Benji York wrote: On Tue, Jun 10, 2008 at 10:42 AM, Christian Theune [EMAIL PROTECTED] wrote: Log message for revision 87286: Move to more modern buildout setup. In library packages we really don't want to fix all the versions. Actually, I think we do want to fix the versions, but using the KGS. Maybe on a branch, but not on a trunk and not using a local implementation of `version=` ;) I disagree; we should be explicit about what versions we test with (including the trunk). I believe this discussion has come up before; I don't believe we came up with a hard and fast policy at that point. I'm not interested enough to have the argument now, but for anything that I maintain I'll certainly want nailed versions on the trunk (KGS or otherwise). Unfortunately I won't shut up immediately. ;) I think it was very helpful that the buildbot picked up the changes of zope.tal for the other packages' trunks quickly so we all still knew why they broke. We would loose that when sticking to explicit versions and get updated much much later requiring us to work harder to remember what happened. Christian -- Christian Theune · [EMAIL PROTECTED] gocept gmbh co. kg · forsterstraße 29 · 06112 halle (saale) · germany http://gocept.com · tel +49 345 1229889 7 · fax +49 345 1229889 1 Zope and Plone consulting and development ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [Checkins] SVN: zc.sourcefactory/branches/0.3/buildout.cfg Move to more modern buildout setup. In library packages we really don't want
On Tue, Jun 10, 2008 at 11:39 AM, Christian Theune [EMAIL PROTECTED] wrote: Unfortunately I won't shut up immediately. ;) That's ok, I will. ;) This is a classic discussion, there are pros and cons to each perspective. -- Benji York Senior Software Engineer Zope Corporation ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] z3c.securitytool
Hello all, Well after some persuasion I think it is about time to announce the Beta version of the z3c.securitytool project!! I would appreciate any feedback/advice to make this a more useful addition to the community. The page on http://pypi.python.org/pypi/z3c.securitytool lists how to run the demo and is pretty easy to add to existing projects. Thanks in advance Daniel Blackburn ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] buildbot failure in Zope on zc.ngi
The Buildbot has detected a new failure of zc.ngi on Zope. Full details are available at: http://zopebuildbot.whq.gocept.com/zc.ngi/builds/100 Buildbot URL: http://zopebuildbot.whq.gocept.com/ Buildslave for this Build: local Build Reason: The Nightly scheduler named 'zc.ngi nightly' triggered this build Build Source Stamp: [branch zc.ngi/trunk] HEAD Blamelist: BUILD FAILED: failed test Logs are attached. sincerely, -The Buildbot Abuild/todo.txt Abuild/bootstrap.py Abuild/buildout.cfg Abuild/setup.py Abuild/src Abuild/src/zc Abuild/src/zc/__init__.py Abuild/src/zc/ngi Abuild/src/zc/ngi/blocking.py Abuild/src/zc/ngi/adapters.txt Abuild/src/zc/ngi/message.txt Abuild/src/zc/ngi/async.py Abuild/src/zc/ngi/testing.py Abuild/src/zc/ngi/__init__.py Abuild/src/zc/ngi/blocking.txt Abuild/src/zc/ngi/tests.py Abuild/src/zc/ngi/adapters.py Abuild/src/zc/ngi/interfaces.py Abuild/src/zc/ngi/README.txt Abuild/src/zc/ngi/async.txt Abuild/src/zc/ngi/message.py Abuild/src/zc/ngi/testing.test Abuild/src/zc/ngi/wordcount.py Abuild/README.txt U build Checked out revision 87308. Creating directory '/home/ctheune/zope.org/slave/zc.ngi/build/bin'. Creating directory '/home/ctheune/zope.org/slave/zc.ngi/build/parts'. Creating directory '/home/ctheune/zope.org/slave/zc.ngi/build/develop-eggs'. Generated script '/home/ctheune/zope.org/slave/zc.ngi/build/bin/buildout'. Upgraded: zc.buildout version 1.0.5, setuptools version 0.6c8; restarting. Generated script '/home/ctheune/zope.org/slave/zc.ngi/build/bin/buildout'. Develop: '/home/ctheune/zope.org/slave/zc.ngi/build/.' Installing test. Generated script '/home/ctheune/zope.org/slave/zc.ngi/build/bin/test'. Running tests at all levels Running unit tests: Running: .. Failure in test /home/ctheune/zope.org/slave/zc.ngi/build/src/zc/ngi/async.txt Failed doctest test for async.txt File /home/ctheune/zope.org/slave/zc.ngi/build/src/zc/ngi/async.txt, line 0 -- File /home/ctheune/zope.org/slave/zc.ngi/build/src/zc/ngi/async.txt, line 161, in async.txt Failed example: print loghandler Expected: zc.ngi.async.client ERROR handle_input failed Got: BLANKLINE -- File /home/ctheune/zope.org/slave/zc.ngi/build/src/zc/ngi/async.txt, line 165, in async.txt Failed example: handler.closed Exception raised: Traceback (most recent call last): File /home/ctheune/eggs/tmpY8_5rK/zope.testing-3.5.1-py2.4.egg/zope/testing/doctest.py, line 1356, in __run File doctest async.txt[37], line 1, in ? handler.closed AttributeError: LameClientConnectionHandler instance has no attribute 'closed' Ran 70 tests with 1 failures and 0 errors in 5.554 seconds. Tests with failures: /home/ctheune/zope.org/slave/zc.ngi/build/src/zc/ngi/async.txt ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] z3c.securitytool
Hi, On Tue, Jun 10, 2008 at 09:42:52PM -0400, Daniel Blackburn wrote: Hello all, Well after some persuasion I think it is about time to announce the Beta version of the z3c.securitytool project!! I would appreciate any feedback/advice to make this a more useful addition to the community. The page on http://pypi.python.org/pypi/z3c.securitytool lists how to run the demo and is pretty easy to add to existing projects. Thanks for that announcement. I've been noticing the commits on that for a while but didn't look at the package yet. I'll give it a shot, it looks promising. Side note: the change log entries for 0.4.0 and 0.4.0b seem to be mixed up on the PyPI page, especially regarding ReST. Christian -- Christian Theune · [EMAIL PROTECTED] gocept gmbh co. kg · forsterstraße 29 · 06112 halle (saale) · germany http://gocept.com · tel +49 345 1229889 7 · fax +49 345 1229889 1 Zope and Plone consulting and development ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )