| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Neil Conway <neilc(at)samurai(dot)com> |
| Cc: | Greg Copeland <greg(at)CopelandConsulting(dot)Net>, "Thomas O'Connell" <tfo(at)monsterlabs(dot)com>, PostgresSQL Hackers Mailing List <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: recent security activity |
| Date: | 2002-08-22 23:07:05 |
| Message-ID: | 3523.1030057625@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Neil Conway <neilc(at)samurai(dot)com> writes:
> Would the purpose of the list be for publicizing vulnerabilities and
> patches, or for the discussion of potential security problems, code
> auditing, and related development activity?
> If the former, I think pgsql-announce is adequate for that purpose. If
> the latter, I'd rather see that kind of discussion on -hackers, so
> that other developers are aware of what's going on.
Also worth noting in this connection: if someone wants to report a
security issue to the developers *without* publicizing it (as used to
be considered good form), you can send to the pgsql-core mailing list.
This goes to just the core committee members and is not archived anywhere
public.
I tend to agree with Neil that a separate -security list isn't needed,
but will not stand in the way if there's sufficient interest.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2002-08-22 23:27:46 | Re: Release of v7.2.2 (Was: Re: @(#)Mordred Labs ad...) |
| Previous Message | Bruce Momjian | 2002-08-22 22:53:51 | Re: Release of v7.2.2 (Was: Re: @(#)Mordred Labs ad...) |