| From: | "Jonathan S(dot) Katz" <jonathan(dot)katz(at)excoventures(dot)com> |
|---|---|
| To: | Selena Deckelmann <selena(at)chesnok(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, PostgreSQL Advocacy <pgsql-advocacy(at)postgresql(dot)org> |
| Subject: | Re: Heroku early upgrade is raising serious questions |
| Date: | 2013-04-03 00:43:38 |
| Message-ID: | 5055A5F3-8C6B-4569-862D-3A0E1F3E963F@excoventures.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-advocacy |
On Apr 2, 2013, at 8:14 PM, Jonathan S. Katz wrote:
> On Apr 2, 2013, at 8:03 PM, Selena Deckelmann wrote:
>
>> I agree that we should have a well-documented security release process. There are existing processes documented that we might use as a starting point, and I personally think largely match what we currently do, like: https://docs.djangoproject.com/en/1.5/internals/security/
>
> The Django security release guide is good - I think we could almost copy & paste it. I could throw something up on our wiki where we can fill in the blanks on what we want the actually policy to be and allow people to comment + add modifications.
Here is a wiki I through together combining elements of both our current security page and thoughts from the Django one:
https://wiki.postgresql.org/wiki/PostgreSQL_Security_Release_Policy_Draft
I separated between our current policy and the draft. The draft really needs some blanks to be filled in.
One suggestion (not in the draft) is that when we do make release announcements containing security fixes, we do include the URL to our security policy to make it clear what it is.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Shane Ambler | 2013-04-03 01:01:36 | Re: Heroku early upgrade is raising serious questions |
| Previous Message | Jonathan S. Katz | 2013-04-03 00:14:23 | Re: Heroku early upgrade is raising serious questions |