X-Original-To: pgsql-bugs-postgresql.org@localhost.postgresql.org
Received: from localhost (av.hub.org [200.46.204.144])
	by svr1.postgresql.org (Postfix) with ESMTP id 1885AD781A
	for <pgsql-bugs-postgresql.org@localhost.postgresql.org>;
	Fri, 25 Nov 2005 14:37:26 -0400 (AST)
Received: from svr1.postgresql.org ([200.46.204.71])
	by localhost (av.hub.org [200.46.204.144]) (amavisd-new, port 10024)
	with ESMTP id 54213-06
	for <pgsql-bugs-postgresql.org@localhost.postgresql.org>;
	Fri, 25 Nov 2005 18:37:24 +0000 (GMT)
X-Greylist: domain auto-whitelisted by SQLgrey-
Received: from mail.gmx.net (mail.gmx.de [213.165.64.20])
	by svr1.postgresql.org (Postfix) with SMTP id C48EED6810
	for <pgsql-bugs@postgresql.org>; Fri, 25 Nov 2005 14:37:21 -0400 (AST)
Received: (qmail invoked by alias); 25 Nov 2005 18:37:20 -0000
Received: from dslb-084-063-062-048.pools.arcor-ip.net (EHLO colt.pezone.net)
	[84.63.62.48]
	by mail.gmx.net (mp028) with SMTP; 25 Nov 2005 19:37:20 +0100
X-Authenticated: #495269
From: Peter Eisentraut <peter_e@gmx.net>
To: pgsql-hackers@postgresql.org
Subject: Re: [HACKERS] BUG #2052: Federal Agency Tech Hub Refuses to Accept
Date: Fri, 25 Nov 2005 19:37:16 +0100
User-Agent: KMail/1.8.2
Cc: Bruce Momjian <pgman@candle.pha.pa.us>,
	Simon Riggs <simon@2ndquadrant.com>, Tom Lane <tgl@sss.pgh.pa.us>,
	Stephen Frost <sfrost@snowman.net>,
	Ferindo Middleton <fmiddleton@verizon.net>, pgsql-bugs@postgresql.org
References: <200511251720.jAPHKN412761@candle.pha.pa.us>
In-Reply-To: <200511251720.jAPHKN412761@candle.pha.pa.us>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200511251937.17858.peter_e@gmx.net>
X-Y-GMX-Trusted: 0
X-Virus-Scanned: by amavisd-new at hub.org
X-Spam-Status: No, score=0 required=5 tests=[none]
X-Spam-Score: 0
X-Spam-Level: 
X-Archive-Number: 200511/262
X-Sequence-Number: 13626

Bruce Momjian wrote:
> I am not excited about referencing error numbers from someone else. 
> We know our errors better than anyone else, so I don't see the point.

The point is, *we* might know our error numbers, but the rest of the 
world doesn't.

And CVE isn't just "someone".  A large number of security groups, 
government agencies, and OS distributors are involved there.  Using CVE 
numbers, the public can, say, correlate bugtraq or CERT announcements 
or Red Hat or Debian bugs to PostgreSQL patches and releases.  
Copy-and-pasting the CVE number into the patch message or release note 
entry really isn't that much to ask for that service.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/