Skip site navigation (1) Skip section navigation (2)

Re: How to coordinate web team for security releases?

From: Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Josh Berkus <josh(at)agliodbs(dot)com>, pgsql-www(at)postgresql(dot)org
Subject: Re: How to coordinate web team for security releases?
Date: 2007-02-05 20:40:09
Message-ID: 45C79629.5030103@kaltenbrunner.cc (view raw or flat)
Thread:
Lists: pgsql-www
Tom Lane wrote:
> Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> writes:
>> So to keep it really under the hood would probably be quite difficult to do.
> 
> Certainly.  We're not looking for something absolutely bulletproof, we
> just don't want to read about it on pgsql-announce before the actual
> release ;-).  Postgres isn't the sort of target that is likely to have
> blackhats tracking our anoncvs watching for interesting commits.  We
> think it's probably enough if we can keep the topic out of the public
> mailing lists until the release announcement.  Or at least, let's try
> to accomplish that before worrying about anything tighter.

That is probably a reasonable approach to the whole issue - and for the
anoncvs/buildfarm testing thing(if we want/need that even for such
patches) we could maybe look into the recent discussion on allowing
certain patches to be pulled from trusted people.
Maybe one could use that infrastructure to get basic buildfarm testing
without the need to commit to to the main public tree immediatly.
However the time gained from that might not be worth the pain ...


Stefan

In response to

pgsql-www by date

Next:From: Dave PageDate: 2007-02-05 20:53:34
Subject: Re: How to coordinate web team for security releases?
Previous:From: Stefan KaltenbrunnerDate: 2007-02-05 20:36:33
Subject: Re: How to coordinate web team for security releases?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group