Re: CVE Links are broken on the PG 10.1 news page

On Fri, Nov 10, 2017 at 2:56 PM, Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:

> > On 10 Nov 2017, at 12:14, Damien Clochard <damien(at)dalibo(dot)info> wrote:
> >
> > Le 10.11.2017 11:17, Daniel Gustafsson a écrit :
> >>> On 10 Nov 2017, at 11:15, Damien Clochard <damien(at)dalibo(dot)info> wrote:
> >>> here :
> >>> https://www.postgresql.org/about/news/1801/
> >>> The 3 CVE links lead to a 404 page on RH website :
> >>> https://access.redhat.com/security/cve/CVE-2017-12172
> >>> https://access.redhat.com/security/cve/CVE-2017-15098
> >>> https://access.redhat.com/security/cve/CVE-2017-15099
> >> IIRC that’s the case with every security release, the Redhat site aren’t
> >> publishing them immediately but will eventually (soonish) have them.
> >
> > Ok I was not aware of that. It makes sense but maybe we could had this
> explanation in the release announcement so that people like me don't get
> confused by the broken links ? :)
>
> Even better would probably be to not make them actual links until the
> target
> URL exists.
>

We used to do it that way. Which then meant they usually didn't get updated
until the next round of releases, because it got forgotten :/

--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>