| From: | "Magnus Hagander" <mha(at)sollentuna(dot)net> |
|---|---|
| To: | "Simon Riggs" <simon(at)2ndquadrant(dot)com>, "Peter Eisentraut" <peter_e(at)gmx(dot)net> |
| Cc: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [BUGS] BUG #2052: Federal Agency Tech Hub Refuses to Accept |
| Date: | 2005-11-25 18:30:12 |
| Message-ID: | 6BCB9D8A16AC4241919521715F4D8BCE92E89D@algol.sollentuna.se |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> > We really should write the CVE numbers into the commit messages and
> > the release notes.
>
> I think that would be good.
That requires the CVE number to be available at the time of commit. Not
sure if it'll always be. But if it is, it's certainly a good idea to put
it in.
> > How about a simple webpage that has more or less a table with:
> > CVE-number | present in releases | fixed in releases
> > CVE-number | present in releases | fixed in releases
> > CVE-number | present in releases | fixed in releases
>
> ..and I think we should do this too.
>
> Have to say I'm a bit worried about overloading Tom and
> Bruce, who write most of the security patches and relevant
> release notes.
>
> Anybody else volunteer to maintain the web page?
While I think it would be a good idea for someone on -core to actually
be responsible for such a list, I can certainly create and maintain the
page. With our track record of security issues, it doesn't seem that it
should be all that much work...
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pollard, Mike | 2005-11-25 18:31:37 | Re: Doubt |
| Previous Message | Peter Eisentraut | 2005-11-25 18:28:10 | Re: PL/php in pg_pltemplate |