From: | "Magnus Hagander" <mha(at)sollentuna(dot)net> |
---|---|
To: | "Simon Riggs" <simon(at)2ndquadrant(dot)com>, "Peter Eisentraut" <peter_e(at)gmx(dot)net> |
Cc: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [BUGS] BUG #2052: Federal Agency Tech Hub Refuses to Accept |
Date: | 2005-11-25 18:30:12 |
Message-ID: | 6BCB9D8A16AC4241919521715F4D8BCE92E89D@algol.sollentuna.se |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> > We really should write the CVE numbers into the commit messages and
> > the release notes.
>
> I think that would be good.
That requires the CVE number to be available at the time of commit. Not
sure if it'll always be. But if it is, it's certainly a good idea to put
it in.
> > How about a simple webpage that has more or less a table with:
> > CVE-number | present in releases | fixed in releases
> > CVE-number | present in releases | fixed in releases
> > CVE-number | present in releases | fixed in releases
>
> ..and I think we should do this too.
>
> Have to say I'm a bit worried about overloading Tom and
> Bruce, who write most of the security patches and relevant
> release notes.
>
> Anybody else volunteer to maintain the web page?
While I think it would be a good idea for someone on -core to actually
be responsible for such a list, I can certainly create and maintain the
page. With our track record of security issues, it doesn't seem that it
should be all that much work...
//Magnus
From | Date | Subject | |
---|---|---|---|
Next Message | Pollard, Mike | 2005-11-25 18:31:37 | Re: Doubt |
Previous Message | Peter Eisentraut | 2005-11-25 18:28:10 | Re: PL/php in pg_pltemplate |