[Framework-Team] Re: hard dependency on PIL?
Hanno Schlichting
plone at hannosch.info
Wed Sep 13 16:33:31 UTC 2006
Alec Mitchell wrote:
> On 9/13/06, Raphael Ritz
> <r.ritz at biologie.hu-berlin.de> wrote:
>>
>> that's what I meant by saying earlier that PIL isn't necessarily
>> trivial to install. But anyway, I consider my original question
>> answered: it wasn't introduced on purpose in the first place but
>> now that a security-related issue depends on it anyway (the
>> portrait checking) people are willing to accept this.
>
> When I introduced the dependency for the portrait fix in 2.5 and 2.1
> it was fully intentional.
Yep, Raphael was talking about my introduction of the dependency in the
CMF 2.1 branches which was not intentional (that's the first place) and
of your introduction as the 'security related issue'.
Hanno
More information about the Framework-Team
mailing list