| From: | David Fetter <david(at)fetter(dot)org> |
|---|---|
| To: | Josh Berkus <josh(at)agliodbs(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, w^3 <pgsql-www(at)postgresql(dot)org> |
| Subject: | Re: Purge obsolete security updates? |
| Date: | 2011-02-02 14:14:47 |
| Message-ID: | 20110202141447.GA23330@fetter.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
On Mon, Jan 31, 2011 at 03:52:03PM -0800, Josh Berkus wrote:
>
> >> ... currently has security patch information going back to 2004.
> >> I'd like to cut everything which only applies through version 8.0
> >> as obsolete. This would mean cutting all notices starting with
> >> CVE-2006-0678.
> >
> > Well there are two notices prior to that that apply to 8.1.
>
> Oh, yeah, well spotted. Those two would be untouched.
>
> > Will the information still be archived someplace if someone needs
> > it?
>
> The release notes will still be available.
>
> > I might be more inclined to move it to a separate page than to
> > nuke it completely.
>
> Why? What's the point in keeping it around?
The *act* of removing it is the one we want to avoid even the
appearance of doing. It's an affirmative act, and one that could make
us look very bad.
Cheers,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david(dot)fetter(at)gmail(dot)com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics
Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2011-02-02 23:24:31 | Re: I thought we were keeping the cvsweb server online? |
| Previous Message | Tom Lane | 2011-02-01 17:44:12 | Re: Purge obsolete security updates? |