From: | Devrim GÜNDÜZ <devrim(at)gunduz(dot)org> |
---|---|
To: | PostgreSQL Announce ML <pgsql-announce(at)postgresql(dot)org> |
Subject: | PostgreSQL RPM Repository: Security announcement |
Date: | 2012-07-12 14:25:32 |
Message-ID: | 1342103132.18166.9.camel@lenovo01-laptop03.gunduz.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-announce |
Hi,
Red Hat Inc's Information Security Team has recently contacted us about
a possible security issue with a previous PostgreSQL RPM repository.
A few years ago, when the project first started, the project used the
pgsqlrpms.org domain, which was first replaced by pgrpms.org, and the
replaced with the final location: yum.postgresql.org . During these
transitions, we made a lot of effort to make our users comfortable, such
as auto-updating the repo URL. However, there are a lot of articles on
the Internet that still point to the old URLs.
pgrpms.org is scheduled to be managed by the PostgreSQL NPO in Canada,
so it will stay as a community domain. However, pgsqlrpms.org is not
under our control anymore. All the links currently return OK, but
someone may one day place malware on the site, resulting in a security
breach.
So, if you are the YUM repo user, and are still using the very old
domain name, please update the repository RPM as soon as possible:
http://yum.postgresql.org/repopackages.php
If you want to verify that you are using the correct
repository/packages, please use this GPG key to verify your packages:
https://www.postgresql.org/download/keys/RPM-GPG-KEY-PGDG
Feel free to contact me for any questions.
Regards,
--
Devrim GÜNDÜZ
PostgreSQL Community RPM Developer
From | Date | Subject | |
---|---|---|---|
Next Message | David Fetter | 2012-07-16 05:04:04 | == PostgreSQL Weekly News - July 15 2012 == |
Previous Message | Daniele Varrazzo | 2012-07-11 10:54:11 | PGXN Client 1.1 released |