Received: from localhost (maia-5.hub.org [200.46.204.182]) by postgresql.org (Postfix) with ESMTP id 383A79FA50C for ; Mon, 5 Feb 2007 16:12:52 -0400 (AST) Received: from postgresql.org ([200.46.204.71]) by localhost (mx1.hub.org [200.46.204.182]) (amavisd-new, port 10024) with ESMTP id 55581-02 for ; Mon, 5 Feb 2007 16:12:46 -0400 (AST) X-Greylist: from auto-whitelisted by SQLgrey-1.7.4 Received: from sss.pgh.pa.us (sss.pgh.pa.us [66.207.139.130]) by postgresql.org (Postfix) with ESMTP id 054FE9FB1EA for ; Mon, 5 Feb 2007 16:12:48 -0400 (AST) Received: from sss2.sss.pgh.pa.us (tgl@localhost [127.0.0.1]) by sss.pgh.pa.us (8.13.6/8.13.6) with ESMTP id l15KCSEI017832; Mon, 5 Feb 2007 15:12:28 -0500 (EST) To: Stefan Kaltenbrunner cc: Josh Berkus , pgsql-www@postgresql.org Subject: Re: How to coordinate web team for security releases? In-reply-to: <45C789B3.1010304@kaltenbrunner.cc> References: <200702051128.13819.josh@agliodbs.com> <45C789B3.1010304@kaltenbrunner.cc> Comments: In-reply-to Stefan Kaltenbrunner message dated "Mon, 05 Feb 2007 20:46:59 +0100" Date: Mon, 05 Feb 2007 15:12:28 -0500 Message-ID: <17831.1170706348@sss.pgh.pa.us> From: Tom Lane X-Virus-Scanned: Maia Mailguard 1.0.1 X-Archive-Number: 200702/33 X-Sequence-Number: 11438 Stefan Kaltenbrunner writes: > So to keep it really under the hood would probably be quite difficult to do. Certainly. We're not looking for something absolutely bulletproof, we just don't want to read about it on pgsql-announce before the actual release ;-). Postgres isn't the sort of target that is likely to have blackhats tracking our anoncvs watching for interesting commits. We think it's probably enough if we can keep the topic out of the public mailing lists until the release announcement. Or at least, let's try to accomplish that before worrying about anything tighter. (Speaking of which, somebody can go ahead and approve those Security: pgsql-commit messages now ...) regards, tom lane