Stefan,
> well not that is closely related to the -www issue but the fix/patch
> will end up on anoncvs/viewcvs days before the release too (and will get
> published including the Security: tag and the commit message there and
> distributed to the buildfarm boxes at least).
> So to keep it really under the hood would probably be quite difficult to
> do.
Actually, we were discussing mechanisms to change that on -core. Suggestions
are welcome. Mostly we just want to keep a tight lid on security expoloit
information until the day of release.
--
Josh Berkus
PostgreSQL @ Sun
San Francisco