> >>Like I said before, this is probably a good feature. If it was > available as a > >>patch then I would probably use it on a number of my sites, and would > >>recommend it to others. I would be very happy see it (or > something like it) > >>in 2.7. > >> > >>But not 2.6. > >> > > >> Then Jim wrote: >> WRT to this change, now that I'm back from vacation, I want to talk to Brian >> about it. ;)
Hear ye, hear ye :^) Zope 2.6 is a second-dot release, meaning that it is expected that there will be new features and that it is possible (though we always try to avoid it) that some things can break in the name of progress. (See http://dev.zope.org/CVS/ZopeReleasePolicy for more details). Zope 2.5.x will be a third-dot release, intended to be bug-fix only (and thus not allowed to break things). So here's what we'll do. Zope 2.6 will include the string tainting changes, enabled by default. The tainting can be turned off by providing an environment variable. The next Zope 2.5.x release will contain the tainting code, but it will be *disabled* by default. If you are worried about the issues it addresses, you will be able to enable it explicitly using an environment variable (without having to upgrade to 2.6). 2.7 and later releases will behave as 2.6. Brian Lloyd [EMAIL PROTECTED] V.P. Engineering 540.361.1716 Zope Corporation http://www.zope.com _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )