| From: | Simon Riggs <simon(at)2ndquadrant(dot)com> |
|---|---|
| To: | Magnus Hagander <mha(at)sollentuna(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-www(at)postgresql(dot)org |
| Subject: | Re: Security information page |
| Date: | 2005-11-27 22:51:05 |
| Message-ID: | 1133131865.2906.234.camel@localhost.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
On Sun, 2005-11-27 at 21:52 +0100, Magnus Hagander wrote:
..Tom Lane wrote
> > I think the bit about "Our goal is to gain and maintain
> > CVE-compatible status" is bogus. As near as I can tell,
> > Mitre's definition of CVE compatibility applies to security
> > products (eg, vulnerability scanners) which Postgres is not.
>
> Um. Not really - products like Debian are CVE compatible
> (http://www.us.debian.org/security/cve-compatibility) so it's not just
> for security products.
>
> > You could maybe say that this one web page is something that
> > could apply for CVE compatibility status, but are we going to
> > jump through those hoops for one web page? Nyet.
>
> Right. I'll take that off until such a time as we're further along that
> process (see Simons mails).
I'll re-raise this as a separate item, later; one step at a time.
> Looks better now?
And the first step looks very good now.
Best Regards, Simon Riggs
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marc G. Fournier | 2005-11-27 23:00:10 | Re: svr2/unionfs |
| Previous Message | Neil Conway | 2005-11-27 22:35:54 | Re: Security information page |