| From: | Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Josh Berkus <josh(at)agliodbs(dot)com>, pgsql-www(at)postgresql(dot)org |
| Subject: | Re: How to coordinate web team for security releases? |
| Date: | 2007-02-05 20:40:09 |
| Message-ID: | 45C79629.5030103@kaltenbrunner.cc |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
Tom Lane wrote:
> Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc> writes:
>> So to keep it really under the hood would probably be quite difficult to do.
>
> Certainly. We're not looking for something absolutely bulletproof, we
> just don't want to read about it on pgsql-announce before the actual
> release ;-). Postgres isn't the sort of target that is likely to have
> blackhats tracking our anoncvs watching for interesting commits. We
> think it's probably enough if we can keep the topic out of the public
> mailing lists until the release announcement. Or at least, let's try
> to accomplish that before worrying about anything tighter.
That is probably a reasonable approach to the whole issue - and for the
anoncvs/buildfarm testing thing(if we want/need that even for such
patches) we could maybe look into the recent discussion on allowing
certain patches to be pulled from trusted people.
Maybe one could use that infrastructure to get basic buildfarm testing
without the need to commit to to the main public tree immediatly.
However the time gained from that might not be worth the pain ...
Stefan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2007-02-05 20:53:34 | Re: How to coordinate web team for security releases? |
| Previous Message | Stefan Kaltenbrunner | 2007-02-05 20:36:33 | Re: How to coordinate web team for security releases? |