Re: Problem with OpenSCG downloads

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Andres Freund <andres(at)anarazel(dot)de>
Cc: Justin Clift <justin(at)postgresql(dot)org>, PostgreSQL www <pgsql-www(at)postgresql(dot)org>
Subject: Re: Problem with OpenSCG downloads
Date: 2018-08-17 02:39:11
Message-ID: 20180817023911.GA21464@momjian.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers pgsql-www

On Thu, Aug 16, 2018 at 09:25:36AM -0700, Andres Freund wrote:
> On 2018-08-16 16:32:00 +0100, Justin Clift wrote:
> > On 2018-08-16 16:25, Andres Freund wrote:
> > > FWIW, I find this pretty damning given that there's been new security
> > > release for a week: You've added no notes about it to the bigsql
> > > download page. Pinged nobody, to get the downloadlinks temporarily
> > > adorned with a warning on the pg site. And then there's the issue that
> > > the dates besides the releases on the download page are referencing the
> > > date of the newest set of minor releases, but aren't actually new.
> > >
> > > This is ridiculously intransparent.
> >
> > Is it fairly simple for us to just comment out/remove the links for now?
> >
> > We don't want to be pointing people to software with known security issues.
> >
> > We can put the links back in when the updated downloads are in place. :)
>
> Probably don't want to remove them entirely, it might prevent people
> from upgrading from an even older release with more serious issues. But
> a red warning seems appropriate.

Agreed. We need to do something _now_, and the fact that we are having
to discover this instead of OpenSCG telling us is a good reason to
suspect the use of this download site in the future.

Looking at their website now, does it show they now have the proper
binaries?

https://www.openscg.com/bigsql/postgresql/installers/

PostgreSQL 10.5 - Stable (09-Aug-18)

postgresql-10.5-win64.exe
postgresql-10.5-osx64.dmg

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Michael Paquier 2018-08-17 02:47:19 Re: Fix help option of contrib/oid2name
Previous Message Michael Paquier 2018-08-17 02:36:32 Re: docs: note ownership requirement for refreshing materialized views

Browse pgsql-www by date

  From Date Subject
Next Message Magnus Hagander 2018-08-17 07:48:26 Re: Problem with OpenSCG downloads
Previous Message Andrew Dunstan 2018-08-16 20:36:39 Re: C99 compliance for src/port/snprintf.c