Re: Backport of CVE-2024-10978 fix to older pgsql versions (11, 9.6, and 9.4)

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
Cc: Roberto C(dot) Sánchez <roberto(at)debian(dot)org>, pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: Backport of CVE-2024-10978 fix to older pgsql versions (11, 9.6, and 9.4)
Date: 2025-01-01 18:32:18
Message-ID: Z3WKMhhCpvHqrGaJ@momjian.us
Lists: pgsql-hackers

On Tue, Dec 31, 2024 at 03:52:07PM -0500, Bruce Momjian wrote:
> On Tue, Dec 31, 2024 at 01:47:19PM -0700, David G. Johnston wrote:
> > On Tue, Dec 31, 2024 at 1:30 PM Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> >
> > On Tue, Dec 31, 2024 at 03:19:25PM -0500, Roberto C. Sánchez wrote:
> >
> > > My thinking was "ask once, bump the thread once after 2 or 3 weeks just
> > > in case it got lost in the noise (this is a busy list), and after that
> > > let the matter rest if there is no answer".
> >
> > We don't normally ignore emails, so would not bother with a second
> > request.
> >
> >
> > And yet the squeaky wheel does seem to get the grease; and I know from personal
> > experience that emails will go unresponded to for weeks, which to a reasonable
> > submitter to this list, when many responses are indeed the same day, seems like
> > an email that got overlooked.
>
> Yes, but we are explaining it was not overlooked, but rather no one
> knows. The odds of a reply are low, and the odds we just ignored it are
> even lower. If he does ask a second time for each backpatch, we are
> likely to be even less motivated to help.

Actually, there is another concern. Debian users who are using these 6+
year-old releases might think the release is supported by the community
and submit bug reports to us. I can't remember anyone complaining when
we said a release was EOL by saying it is supported by Debian, so this is
probably a minor concern, but something to remember.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com

Do not let urgent matters crowd out time for investment in the future.
