Re: BUG #2052: Federal Agency Tech Hub Refuses to Accept

Tom Lane wrote:
> "Ferindo Middleton" <fmiddleton(at)verizon(dot)net> writes:
>
>> This bug report involves more than one proposed bug. I work at a federal
>> government agency. The information technology division at this agency
>> refuses to allow the database version 8.0.4 on their network because of
>> several security vulnerabilities they noticed when testing the software
>> application.
>>
>
> They obviously haven't "tested" anything --- they are merely reading the
> CVE reports for old Postgres versions. All known CVE problems are
> resolved in 8.0.4.
>
> (If they were actually serious about security, they wouldn't be letting
> you run Windows 2000 inside their network, but I digress.)
>
> regards, tom lane
>
>

Thanks for your support with this. I had presented the IT support team
at this agency with the information you all provided that these
CVEs/bugs were resolved in previous versions to 8.0.4 and they suddenly
argued that it wasn’t the CVE’s that were the problem (without admitting
that they never really tested 8.0.4 in the first place)… I’m sorry if I
wasted anybody’s time or irritated anyone by assuming that these bugs
were actually valid in 8.0.4… I’m starting to get tied up in a bunch of
bureaucratic tape dealing with these people. I think their just scared
of having to deal with the support overhead they think they'll have to
assume if they introduce another DBMS on their network…

Thank you,

Ferindo Middleton