Skip site navigation (1) Skip section navigation (2)

Re: Security information page

From: Simon Riggs <simon(at)2ndquadrant(dot)com>
To: Magnus Hagander <mha(at)sollentuna(dot)net>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-www(at)postgresql(dot)org
Subject: Re: Security information page
Date: 2005-11-27 22:51:05
Message-ID: 1133131865.2906.234.camel@localhost.localdomain (view raw or flat)
Thread:
Lists: pgsql-www
On Sun, 2005-11-27 at 21:52 +0100, Magnus Hagander wrote:
..Tom Lane wrote
> > I think the bit about "Our goal is to gain and maintain 
> > CVE-compatible status" is bogus.  As near as I can tell, 
> > Mitre's definition of CVE compatibility applies to security 
> > products (eg, vulnerability scanners) which Postgres is not.  
> 
> Um. Not really - products like Debian are CVE compatible
> (http://www.us.debian.org/security/cve-compatibility), so it's not just
> for security products.
> 
> > You could maybe say that this one web page is something that 
> > could apply for CVE compatibility status, but are we going to 
> > jump through those hoops for one web page?  Nyet.
> 
> Right. I'll take that off until such a time as we're further along that
> process (see Simons mails).

I'll re-raise this as a separate item, later; one step at a time.

> Looks better now?

And the first step looks very good now.

Best Regards, Simon Riggs


In response to

pgsql-www by date

Next:From: Marc G. FournierDate: 2005-11-27 23:00:10
Subject: Re: svr2/unionfs
Previous:From: Neil ConwayDate: 2005-11-27 22:35:54
Subject: Re: Security information page

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group