On Sun, 2005-11-27 at 21:52 +0100, Magnus Hagander wrote:
..Tom Lane wrote
> > I think the bit about "Our goal is to gain and maintain
> > CVE-compatible status" is bogus. As near as I can tell,
> > Mitre's definition of CVE compatibility applies to security
> > products (eg, vulnerability scanners) which Postgres is not.
> Um. Not really - products like Debian are CVE compatible
> (http://www.us.debian.org/security/cve-compatibility), so it's not just
> for security products.
> > You could maybe say that this one web page is something that
> > could apply for CVE compatibility status, but are we going to
> > jump through those hoops for one web page? Nyet.
> Right. I'll take that off until such a time as we're further along that
> process (see Simons mails).
I'll re-raise this as a separate item, later; one step at a time.
> Looks better now?
And the first step looks very good now.
Best Regards, Simon Riggs
In response to
pgsql-www by date
|Next:||From: Marc G. Fournier||Date: 2005-11-27 23:00:10|
|Subject: Re: svr2/unionfs|
|Previous:||From: Neil Conway||Date: 2005-11-27 22:35:54|
|Subject: Re: Security information page|