From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Damien Clochard <damien(at)dalibo(dot)info>, pgsql-www(at)lists(dot)postgresql(dot)org |
Subject: | Re: CVE Links are broken on the PG 10.1 news page |
Date: | 2017-11-10 17:29:59 |
Message-ID: | CABUevEx-EWXCgOjjpz_JoO99PusQUYcgxxHKJGuYyCktiZ7_wg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-www |
On Fri, Nov 10, 2017 at 5:55 PM, Jonathan S. Katz <jkatz(at)postgresql(dot)org>
wrote:
>
> > On Nov 10, 2017, at 11:32 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> >
> > Magnus Hagander <magnus(at)hagander(dot)net> writes:
> >> On Fri, Nov 10, 2017 at 2:56 PM, Daniel Gustafsson <daniel(at)yesql(dot)se>
> wrote:
> >>> On 10 Nov 2017, at 12:14, Damien Clochard <damien(at)dalibo(dot)info> wrote:
> >>>> The 3 CVE links lead to a 404 page on RH website :
> >>>> https://access.redhat.com/security/cve/CVE-2017-12172
> >>>> https://access.redhat.com/security/cve/CVE-2017-15098
> >>>> https://access.redhat.com/security/cve/CVE-2017-15099
> >
> >>> Even better would probably be to not make them actual links until the
> >>> target URL exists.
> >
> >> We used to do it that way. Which then meant they usually didn't get
> updated
> >> until the next round of releases, because it got forgotten :/
> >
> > FWIW, I see that -12172 just got de-embargoed. Probably the other two
> > will follow shortly.
>
> Interestingly enough, when I checked post-release yesterday, they were
> available, so they must have been re-embargoed shortly thereafter.
>
I think the right thing to do here will materialize itself once I have
finished off the branch which databaseifies the list. When we've reached
that point we can have a cronjob that pings the redhat urls and turns it
into a link only once they stop returning 404.
Until then I think we're best off just keeping it the way it is now.
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
From | Date | Subject | |
---|---|---|---|
Next Message | Vỹ Phan | 2017-11-11 17:10:56 | Wiki editor request |
Previous Message | Jonathan S. Katz | 2017-11-10 16:55:21 | Re: CVE Links are broken on the PG 10.1 news page |