From: Bruce Momjian
To: Peter Eisentraut
CC: pgsql-hackers@postgresql.org, Simon Riggs, Tom Lane, Stephen Frost, Ferindo Middleton, pgsql-bugs@postgresql.org
Date: Fri, 25 Nov 2005 15:18:01 -0500 (EST)
Subject: Re: [HACKERS] BUG #2052: Federal Agency Tech Hub Refuses to Accept
Message-Id: <200511252018.jAPKI1I28934@candle.pha.pa.us>
In-Reply-To: <200511251937.17858.peter_e@gmx.net>

If someone wants to create a separate web page to track fixes related to
CVE number, that is fine. My guess is that most people reading the
release notes don't care about the CVE numbers themselves (just that
each release has all known security bugs fixed), and most bugs that are
fixed don't have CVE numbers at commit time.
---------------------------------------------------------------------------

Peter Eisentraut wrote:
> Bruce Momjian wrote:
> > I am not excited about referencing error numbers from someone else.
> > We know our errors better than anyone else, so I don't see the point.
>
> The point is, *we* might know our error numbers, but the rest of the
> world doesn't.
>
> And CVE isn't just "someone". A large number of security groups,
> government agencies, and OS distributors are involved there. Using CVE
> numbers, the public can, say, correlate bugtraq or CERT announcements
> or Red Hat or Debian bugs to PostgreSQL patches and releases.
> Copy-and-pasting the CVE number into the patch message or release note
> entry really isn't that much to ask for that service.
>
> --
> Peter Eisentraut
> http://developer.postgresql.org/~petere/
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073