X-Original-To: pgsql-www-postgresql.org@localhost.postgresql.org
Received: from localhost (av.hub.org [200.46.204.144])
	by svr1.postgresql.org (Postfix) with ESMTP id D6AD9DBD8C
	for <pgsql-www-postgresql.org@localhost.postgresql.org>;
	Fri, 25 Nov 2005 16:39:07 -0400 (AST)
Received: from svr1.postgresql.org ([200.46.204.71])
	by localhost (av.hub.org [200.46.204.144]) (amavisd-new, port 10024)
	with ESMTP id 84338-01
	for <pgsql-www-postgresql.org@localhost.postgresql.org>;
	Fri, 25 Nov 2005 20:39:02 +0000 (GMT)
X-Greylist: from auto-whitelisted by SQLgrey-
Received: from smtp.nildram.co.uk (smtp.nildram.co.uk [195.112.4.54])
	by svr1.postgresql.org (Postfix) with ESMTP id DD36ADB04E
	for <pgsql-www@postgresql.org>; Fri, 25 Nov 2005 16:38:57 -0400 (AST)
Received: from [192.168.0.4] (213-208-104-206.dyn.gotadsl.co.uk
	[213.208.104.206]) by smtp.nildram.co.uk (Postfix) with ESMTP
	id 9499F256C42; Fri, 25 Nov 2005 20:38:54 +0000 (GMT)
Subject: Re: [BUGS] BUG #2052: Federal Agency Tech Hub Refuses to Accept
From: Simon Riggs <simon@2ndquadrant.com>
To: pgsql-www@postgresql.org
Cc: Peter Eisentraut <peter_e@gmx.net>,
	Magnus Hagander <mha@sollentuna.net>, Tom Lane <tgl@sss.pgh.pa.us>,
	Bruce Momjian <pgman@candle.pha.pa.us>, Stephen Frost <sfrost@snowman.net>,
	Ferindo Middleton <fmiddleton@verizon.net>
In-Reply-To: <24790.1132946312@sss.pgh.pa.us>
References: <200511251720.jAPHKN412761@candle.pha.pa.us>
	<1132944417.2906.23.camel@localhost.localdomain>
	<24790.1132946312@sss.pgh.pa.us>
Content-Type: text/plain
Date: Fri, 25 Nov 2005 20:38:57 +0000
Message-Id: <1132951137.2906.66.camel@localhost.localdomain>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.3 (2.2.3-2.fc4) 
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at hub.org
X-Spam-Status: No, score=0 required=5 tests=[none]
X-Spam-Score: 0
X-Spam-Level: 
X-Archive-Number: 200511/151
X-Sequence-Number: 8866

On Fri, 2005-11-25 at 14:18 -0500, Tom Lane wrote:
> Simon Riggs <simon@2ndquadrant.com> writes:
> > Unless somebody else wants to do this, I'll discuss on -www how we can
> > get a page up on the .org site with this info on, so that we can be "CVE
> > compatible".
> 
> IMHO we should do that in any case, whether or not we mention CVEs
> in our release notes or CVS logs in the future.  So go for it...

Can I suggest a new web page at
http://www.postgresql.org/support/security
with links from the support page and a ShortCut from the home page,
called "Security Information".

The main page title could be Security Information, modelled where
appropriate on http://www.us.debian.org/security/ but not too closely.

We can put a link to this from release notes, so they will by reference
include the security information.

Not sure of the submission process/guidelines/format. Can someone send
me the link to the FAQ, cos I can't find it on the main wwweb site. 

Best Regards, Simon Riggs