Skip site navigation (1) Skip section navigation (2)

Re: BUG #2052: Federal Agency Tech Hub Refuses to Accept

From: Ferindo Middleton Jr <fmiddleton(at)verizon(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-bugs(at)postgresql(dot)org, mha(at)sollentuna(dot)net, sfrost(at)snowman(dot)net
Subject: Re: BUG #2052: Federal Agency Tech Hub Refuses to Accept
Date: 2005-11-22 00:00:15
Message-ID: 43825F8F.308@verizon.net (view raw or flat)
Thread:
Lists: pgsql-bugspgsql-hackerspgsql-www
Tom Lane wrote:
> "Ferindo Middleton" <fmiddleton(at)verizon(dot)net> writes:
>   
>> This bug report involves more than one proposed bug. I work at a federal
>> government agency. The information technology division at this agency
>> refuses to allow the database version 8.0.4 on their network because of
>> several security vulnerabilities they noticed when testing the software
>> application.
>>     
>
> They obviously haven't "tested" anything --- they are merely reading the
> CVE reports for old Postgres versions.  All known CVE problems are
> resolved in 8.0.4.
>
> (If they were actually serious about security, they wouldn't be letting
> you run Windows 2000 inside their network, but I digress.)
>
> 			regards, tom lane
>
>   

Thanks for your support with this. I had presented the IT support team 
at this agency with the information you all provided that these 
CVEs/bugs were resolved in previous versions to 8.0.4 and they suddenly 
argued that it wasn’t the CVE’s that were the problem (without admitting 
that they never really tested 8.0.4 in the first place)… I’m sorry if I 
wasted anybody’s time or irritated anyone by assuming that these bugs 
were actually valid in 8.0.4… I’m starting to get tied up in a bunch of 
bureaucratic tape dealing with these people. I think their just scared 
of having to deal with the support overhead they think they'll have to 
assume if they introduce another DBMS on their network…

Thank you,

Ferindo Middleton


In response to

pgsql-hackers by date

Next:From: Jim C. NasbyDate: 2005-11-22 00:02:00
Subject: Using FSM to trigger vacuum
Previous:From: Tom LaneDate: 2005-11-21 23:56:26
Subject: Re: PostgreSQL 8.1.0 catalog corruption

pgsql-bugs by date

Next:From: David J N BegleyDate: 2005-11-22 00:19:51
Subject: Re: BUG #2062: Timezone unrecognised
Previous:From: Qingqing ZhouDate: 2005-11-21 23:58:35
Subject: Re: BUG #2048: initdb hang up

pgsql-www by date

Next:From: Magnus HaganderDate: 2005-11-22 08:07:37
Subject: Re: Empty main page on two www.postgresql.org servers
Previous:From: Marc G. FournierDate: 2005-11-21 23:26:30
Subject: Re: Empty main page on two www.postgresql.org servers

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group