Re: [ANNOUNCE] IMPORTANT: two new PostgreSQL security problems found

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Considering that this is a security-related system catalog update, is
> there any way of providing some sort of signature for a message like
> this such that the community can feel that issuing some arcane commands
> as a superuser won't open a hole rather than close one?

An excellent point. Ideally someone (Tom) would be using GnuPG to sign
important messages like this with a digital signature. However, there are
a few checks one could do until that happens. One, compare his headers with
previous ones. Second, check the page at www.postgresql.org for a matching
announcement. Third, wait five minutes for the real Tom Lane to denounce any
fake email sent in his name. :)

If it makes you feel better, I'm 100% sure that was a legitimate email, and
I am going to sign this. :)

- --
Greg Sabino Mullane greg(at)turnstep(dot)com
PGP Key: 0x14964AC8 200505040739
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8

-----BEGIN PGP SIGNATURE-----

iD8DBQFCeLTwvJuQZxSWSsgRAtACAKDvyylXy1MliqSs8Jsoz7XicXmBagCgoprg
qKPTIVv55E3ne19OGvtOTHM=
=IFvp
-----END PGP SIGNATURE-----