Skip site navigation (1) Skip section navigation (2)

Re: Purge obsolete security updates?

From: David Fetter <david(at)fetter(dot)org>
To: Josh Berkus <josh(at)agliodbs(dot)com>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, w^3 <pgsql-www(at)postgresql(dot)org>
Subject: Re: Purge obsolete security updates?
Date: 2011-02-02 14:14:47
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-www
On Mon, Jan 31, 2011 at 03:52:03PM -0800, Josh Berkus wrote:
> >> ... currently has security patch information going back to 2004.
> >> I'd like to cut everything which only applies through version 8.0
> >> as obsolete.  This would mean cutting all notices starting with
> >> CVE-2006-0678.
> > 
> > Well there are two notices prior to that that apply to 8.1.
> Oh, yeah, well spotted.  Those two would be untouched.
> > Will the information still be archived someplace if someone needs
> > it?
> The release notes will still be available.
> > I might be more inclined to move it to a separate page than to
> > nuke it completely.
> Why?  What's the point in keeping it around?

The *act* of removing it is the one we want to avoid even the
appearance of doing.  It's an affirmative act, and one that could make
us look very bad.

David Fetter <david(at)fetter(dot)org>
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david(dot)fetter(at)gmail(dot)com
iCal: webcal://

Remember to vote!
Consider donating to Postgres:

In response to

pgsql-www by date

Next:From: Bruce MomjianDate: 2011-02-02 23:24:31
Subject: Re: I thought we were keeping the cvsweb server online?
Previous:From: Tom LaneDate: 2011-02-01 17:44:12
Subject: Re: Purge obsolete security updates?

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group