| From: | "Marc G(dot) Fournier" <scrappy(at)hub(dot)org> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Justin Clift <justin(at)postgresql(dot)org>, Oleg Bartunov <oleg(at)sai(dot)msu(dot)su>, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, Neil Conway <neilc(at)samurai(dot)com>, Sir Mordred The Traitor <mordred(at)s-mail(dot)com>, <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Release of v7.2.2 (Was: Re: @(#)Mordred Labs ad...) |
| Date: | 2002-08-22 18:06:22 |
| Message-ID: | 20020822150546.C1769-100000@mail1.hub.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, 22 Aug 2002, Tom Lane wrote:
> Justin Clift <justin(at)postgresql(dot)org> writes:
> > It probably makes sense to wait about a week until releasing 7.2.2, even
> > if we get assembled anything else that is needed.
>
> I think we should go ahead and push it out; by the end of next week
> we'll be trying to wrap 7.3 beta, and the confusion factor for pushing
> out two releases at the same time will be much too high.
>
> I think it is fairly unlikely that we will find anything else in the
> next week that is exploitable indirectly through a web-app in the same
> way that the date buffer overrun bug could be. Most of the sorts of
> bugs that I'm expecting to hear about will require being able to issue
> SQL commands --- and if someone can issue arbitrary SQL commands, there
> are plenty of ways to create a DOS situation.
And, worse comes to worse, we *can* issue a v7.2.3 if further security
issues are found before v7.3 is fully released ...
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marc G. Fournier | 2002-08-22 18:55:18 | DBD::Pg ... |
| Previous Message | Tom Lane | 2002-08-22 16:59:16 | Re: turning off autocommit behavior in psql |