| From: | Pascal Meunier <pmeunier(at)cerias(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "Jim C(dot) Nasby" <jimn(at)enterprisedb(dot)com>, <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: minor feature request: Secure defaults during |
| Date: | 2006-09-18 18:49:23 |
| Message-ID: | C1346273.15326%pmeunier@cerias.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 9/18/06 2:00 PM, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Pascal Meunier <pmeunier(at)cerias(dot)net> writes:
>> I asked MITRE to provide a CCE number for this issue (the CCE is a new
>> effort like the CVE, but for configuration issues instead of
>> vulnerabilities). I'll let you know if it happens.
>
> Trying to force us to change things by getting Mitre involved is a
> really really good way to get pushback. I think you just killed any
> chance of getting this idea adopted.
>
> regards, tom lane
>
Please forgive my chronic lack of tact, which is evident in my previous
email; it is one of my flaws. I've been involved in the CVE for a long
time, where the original idea was to give a number to every issue under
discussion (including ones that aren't confirmed -- those were candidates),
so getting a CCE number seemed a normal process to me. I also read your
previous email as a likely dismissal, and did not want you to be surprised
by seeing a CCE assigned to it. I'm sorry it offended you so much,
regardless of the outcome. Moreover, I'd rather be a carpet to the
PostgreSQL developers than be cited as the cause for a security improvement
not being made, due to having antagonized so much the developers. Please,
consider the issue and not the silly messenger.
Sincerely,
Pascal Meunier
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2006-09-18 18:51:45 | Re: Mid cycle release? |
| Previous Message | Gevik Babakhani | 2006-09-18 18:46:57 | Re: An Idea for OID conflicts |