Received: from localhost (maia-2.hub.org [200.46.204.187]) by postgresql.org (Postfix) with ESMTP id 588A99FB27B for ; Mon, 5 Feb 2007 15:51:35 -0400 (AST) Received: from postgresql.org ([200.46.204.71]) by localhost (mx1.hub.org [200.46.204.187]) (amavisd-new, port 10024) with ESMTP id 72103-07 for ; Mon, 5 Feb 2007 15:51:30 -0400 (AST) X-Greylist: from auto-whitelisted by SQLgrey-1.7.4 Received: from davinci.ethosmedia.com (server227.ethosmedia.com [209.128.84.227]) by postgresql.org (Postfix) with ESMTP id 1B5D99FA4CA for ; Mon, 5 Feb 2007 15:51:31 -0400 (AST) X-EthosMedia-Virus-Scanned: no infections found Received: from [63.195.55.98] (account josh@agliodbs.com HELO spooky.sf.agliodbs.com) by davinci.ethosmedia.com (CommuniGate Pro SMTP 4.1.8) with ESMTP id 11353663; Mon, 05 Feb 2007 11:55:26 -0800 From: Josh Berkus Organization: PostgreSQL @ Sun To: Stefan Kaltenbrunner Subject: Re: How to coordinate web team for security releases? Date: Mon, 5 Feb 2007 11:51:30 -0800 User-Agent: KMail/1.8.2 Cc: pgsql-www@postgresql.org References: <200702051128.13819.josh@agliodbs.com> <45C789B3.1010304@kaltenbrunner.cc> In-Reply-To: <45C789B3.1010304@kaltenbrunner.cc> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200702051151.30474.josh@agliodbs.com> X-Virus-Scanned: Maia Mailguard 1.0.1 X-Archive-Number: 200702/26 X-Sequence-Number: 11431 Stefan, > well not that is closely related to the -www issue but the fix/patch > will end up on anoncvs/viewcvs days before the release too (and will get > published including the Security: tag and the commit message there and > distributed to the buildfarm boxes at least). > So to keep it really under the hood would probably be quite difficult to > do. Actually, we were discussing mechanisms to change that on -core. Suggestions are welcome. Mostly we just want to keep a tight lid on security expoloit information until the day of release. -- Josh Berkus PostgreSQL @ Sun San Francisco