Re: Problem with OpenSCG downloads

On Fri, Aug 17, 2018 at 2:35 PM, Jim Mlodgenski <jimmy76(at)gmail(dot)com> wrote:

>
>
> On Fri, Aug 17, 2018 at 3:48 AM, Magnus Hagander <magnus(at)hagander(dot)net>
> wrote:
>
>>
>>
>> On Fri, Aug 17, 2018 at 4:39 AM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>>
>>> On Thu, Aug 16, 2018 at 09:25:36AM -0700, Andres Freund wrote:
>>> > On 2018-08-16 16:32:00 +0100, Justin Clift wrote:
>>> > > On 2018-08-16 16:25, Andres Freund wrote:
>>> > > > FWIW, I find this pretty damning given that there's been new
>>> security
>>> > > > release for a week: You've added no notes about it to the bigsql
>>> > > > download page. Pinged nobody, to get the downloadlinks temporarily
>>> > > > adorned with a warning on the pg site. And then there's the issue
>>> that
>>> > > > the dates besides the releases on the download page are
>>> referencing the
>>> > > > date of the newest set of minor releases, but aren't actually new.
>>> > > >
>>> > > > This is ridiculously intransparent.
>>> > >
>>> > > Is it fairly simple for us to just comment out/remove the links for
>>> now?
>>> > >
>>> > > We don't want to be pointing people to software with known security
>>> issues.
>>> > >
>>> > > We can put the links back in when the updated downloads are in
>>> place. :)
>>> >
>>> > Probably don't want to remove them entirely, it might prevent people
>>> > from upgrading from an even older release with more serious issues. But
>>> > a red warning seems appropriate.
>>>
>>> Agreed. We need to do something _now_, and the fact that we are having
>>> to discover this instead of OpenSCG telling us is a good reason to
>>> suspect the use of this download site in the future.
>>>
>>> Looking at their website now, does it show they now have the proper
>>> binaries?
>>>
>>> https://www.openscg.com/bigsql/postgresql/installers/
>>>
>>> PostgreSQL 10.5 - Stable (09-Aug-18)
>>>
>>> postgresql-10.5-win64.exe
>>> postgresql-10.5-osx64.dmg
>>>
>>>
>> Per the filenames it looks like they do. But the dates are still
>> backdated on them?
>>
>> Jim, any confirmation on the status?
>>
>>
> Yes, we pushed the latest installers last night.
>

Great, thanks for confirming!

The reason for the back date is because we did post new binaries on Aug-9,
> but didn't post the new installers until last night. That meant that
> existing users of the installers would get the latest updates posted on
> Aug-9 if they checked for updates through the mechanism of their existing
> install. Also, if new users installed the older version, at the end they
> would see there are updates available if they checked. The server we used
> to wrap the installers was down which caused the delay.
>

Ah, gotcha. That explains it.

Sorry for the trouble and we'll be much more proactive of letting everyone
> know if we have any difficulty in the future which I don't anticipate
> happening.
>
>
Thanks!

--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>