From: Simon Riggs <[email protected]>
To: Magnus Hagander <[email protected]>
Cc: [email protected]
Subject: Re: Security information page
Date: Sun, 27 Nov 2005 17:39:04 +0000
Message-ID: <[email protected]>
In-Reply-To: <[email protected]>
References: <[email protected]>

On Sun, 2005-11-27 at 13:46 +0100, Magnus Hagander wrote:
> Per some discussion last week, I've put together a page with security
> information. Basically an introduction written by Simon and a table I
> pulled together by going through the CVE list and matching it up with
> our cvs versions.
> 
> As it makes some statements on behalf of the beliefs of the PGDG (the
> introduction), I'm giving everybody a good chance to complain and
> correct before it goes onto the actual website. Oh, and please also
> point out any incorrectness or missing information in the actual
> table...
> 
> The link for the in progress version is
> http://magnus-master.pgadmin.org/support/security.
> 

Some background to the statements made is probably required also.

We touched briefly upon what CVE is in various other posts on hackers.
The main CVE website is http://www.cve.mitre.org/

Maintaining CVE-compatible status is likely to be fairly important for
security risk management. It will also raise the profile of PostgreSQL
as secure software since CVE will list this project on their
compatibility page.

There are some basic requirements of CVE compatibility:
http://www.cve.mitre.org/compatible/ which are described in even more
detail here
http://www.cve.mitre.org/compatible/requirements.html

The link to CVE and the statement of support for CVE are part of those
requirements. Those are modelled after the Debian Security Information
page at http://www.us.debian.org/security/. That has nothing to do with
whether I am or am not a Debian supporter, it's just a guide as to how we
might make statements to claim CVE-compatibility.

I'm happy to be the coordinator for CVE compatibility and fill out the
forms to apply for the external review. I'd also be happy if another
would like to claim this task.

Best Regards, Simon Riggs




