X-Original-To: pgsql-hackers-postgresql.org@localhost.postgresql.org
Received: from localhost (av.hub.org [200.46.204.144])
	by svr1.postgresql.org (Postfix) with ESMTP id 72B76DA2F6
	for <pgsql-hackers-postgresql.org@localhost.postgresql.org>;
	Thu, 24 Nov 2005 14:14:35 -0400 (AST)
Received: from svr1.postgresql.org ([200.46.204.71])
	by localhost (av.hub.org [200.46.204.144]) (amavisd-new, port 10024)
	with ESMTP id 76099-09
	for <pgsql-hackers-postgresql.org@localhost.postgresql.org>;
	Thu, 24 Nov 2005 18:14:34 +0000 (GMT)
X-Greylist: from auto-whitelisted by SQLgrey-
Received: from mail2.dbitech.ca (radius.wavefire.com [64.141.13.252])
	by svr1.postgresql.org (Postfix) with SMTP id 4587DD7945
	for <pgsql-hackers@postgresql.org>;
	Thu, 24 Nov 2005 14:14:31 -0400 (AST)
Received: (qmail 14195 invoked from network); 24 Nov 2005 20:41:32 -0000
Received: from dbitech.internal.wavefire.ca (64.141.15.12)
	by radius.wavefire.com with SMTP; 24 Nov 2005 20:41:32 -0000
From: Darcy Buskermolen <darcy@wavefire.com>
Organization: Wavefire Technologies Corp
To: pgsql-hackers@postgresql.org
Subject: Re: [BUGS] BUG #2052: Federal Agency Tech Hub Refuses to Accept
Date: Thu, 24 Nov 2005 10:16:05 -0800
User-Agent: KMail/1.8.3
Cc: Peter Eisentraut <peter_e@gmx.net>,
 Simon Riggs <simon@2ndquadrant.com>
References: <20051118035436.294A5F0BB7@svr2.postgresql.org>
	<1132827194.4347.27.camel@localhost.localdomain>
	<200511241509.10303.peter_e@gmx.net>
In-Reply-To: <200511241509.10303.peter_e@gmx.net>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200511241016.05714.darcy@wavefire.com>
X-Virus-Scanned: by amavisd-new at hub.org
X-Spam-Status: No, score=0 required=5 tests=[none]
X-Spam-Score: 0
X-Spam-Level: 
X-Archive-Number: 200511/1271
X-Sequence-Number: 76553

On Thursday 24 November 2005 06:09, Peter Eisentraut wrote:
> Simon Riggs wrote:
> > I was unaware of this. I've looked at the release notes and searched
> > the archives, but this doesn't seem to be mentioned by CVE number.
> > (The vulnerabilities and their resolutions are described, just
> > without direct cross reference to their CVE number.)
>
> We really should write the CVE numbers into the commit messages and the
> release notes.
I also belive that we should have these referenced visably on the website much 
the same way apache does:
http://httpd.apache.org/security_report.html

-- 
Darcy Buskermolen
Wavefire Technologies Corp.

http://www.wavefire.com
ph: 250.717.0200
fx: 250.763.1759