Security Basics mailing list archives

zope - plone security issues


From: Christos Gioran <himicos () freemail gr>
Date: Fri, 7 May 2004 00:06:37 +0300

Greetings list,

        we are currently considering switching our site from apache to the zope 
platform primarily for using the plone product. I have already googled for 
security issues on both packages and read through all Bugtraq posts that came 
after a search for zope or plone. It seems to me that the package is quite 
safe to use and their team does a good job keeping it that way. The thing I 
want to ask is whether anyone has used it and has good reason to recommend 
against it, for security reasons that is. Moreover, I intend to chroot it for 
that extra, paranoid touch. Is it really worth the effort? If you agree on 
this approach, is there any difference, security-wise, in compiling all 
programs in the chroot jail (all programs being zope, plone *and* python) 
statically or shared? If so, why?

thanks in advance

-- 
himicos
