Extra security measures for next week's releases

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: pgsql-hackers(at)postgreSQL(dot)org
Subject: Extra security measures for next week's releases
Date: 2013-03-28 17:03:05
Message-ID: 14040.1364490185@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

The core committee has decided that one of the security issues due to be
fixed next week is sufficiently bad that we need to take extra measures
to prevent it from becoming public before packages containing the fix
are available. (This is a scenario we've discussed before, but never
had to actually implement.)

What we intend to do is shut off updates from the master git repo to
the anonymous-git mirror, and to github, from Monday afternoon until
Thursday morning. Commit-log emails to pgsql-committers will also be
held for this period. This will prevent the commits that fix and
document the bug from becoming visible to anyone except Postgres
committers. Updates will resume as soon as the release announcement
is made.

Although committers will still be able to work normally, we realize
that this is likely to be a handicap for non-committers; and it will
also mean that buildfarm runs will not test any new commits until the
mirrors are allowed to update. We do not intend to start doing this
as a routine thing, and apologize in advance for any disruption.
It seems necessary in this instance, however.

regards, tom lane


Browse pgsql-hackers by date

  From Date Subject
Next Message Steve Singer 2013-03-28 19:06:30 Re: pg_upgrade segfaults when given an invalid PGSERVICE value
Previous Message Kohei KaiGai 2013-03-28 16:33:24 Re: [sepgsql 1/3] add name qualified creation label