Received: from localhost (maia-1.hub.org [200.46.204.191])
	by postgresql.org (Postfix) with ESMTP id 491249FB2EE
	for <pgsql-www-postgresql.org@postgresql.org>;
	Mon,  5 Feb 2007 17:54:34 -0400 (AST)
Received: from postgresql.org ([200.46.204.71])
	by localhost (mx1.hub.org [200.46.204.191]) (amavisd-new, port 10024)
	with ESMTP id 15860-07 for <pgsql-www-postgresql.org@postgresql.org>;
	Mon,  5 Feb 2007 17:54:31 -0400 (AST)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.4
Received: from sss.pgh.pa.us (sss.pgh.pa.us [66.207.139.130])
	by postgresql.org (Postfix) with ESMTP id 98A579FA2A1
	for <pgsql-www@postgresql.org>; Mon,  5 Feb 2007 17:54:31 -0400 (AST)
Received: from sss2.sss.pgh.pa.us (tgl@localhost [127.0.0.1])
	by sss.pgh.pa.us (8.13.6/8.13.6) with ESMTP id l15LsTCU021360;
	Mon, 5 Feb 2007 16:54:29 -0500 (EST)
To: Devrim GUNDUZ <devrim@CommandPrompt.com>
cc: pgsql-www@postgresql.org
Subject: Re: How to coordinate web team for security releases? 
In-reply-to: <1170712002.3056.19.camel@laptop.gunduz.org> 
References: <200702051128.13819.josh@agliodbs.com>
	<20070205210315.GA7988@fetter.org> <20476.1170711517@sss.pgh.pa.us>
	<1170712002.3056.19.camel@laptop.gunduz.org>
Comments: In-reply-to Devrim GUNDUZ <devrim@CommandPrompt.com>
	message dated "Mon, 05 Feb 2007 23:46:42 +0200"
Date: Mon, 05 Feb 2007 16:54:29 -0500
Message-ID: <21359.1170712469@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
X-Virus-Scanned: Maia Mailguard 1.0.1
X-Archive-Number: 200702/52
X-Sequence-Number: 11457

Devrim GUNDUZ <devrim@CommandPrompt.com> writes:
> On Mon, 2007-02-05 at 16:38 -0500, Tom Lane wrote:
>> * Dave (and Devrim too) making commits that made it obvious something
>> was afoot.  They could and should have used the Security: filter that
>> Marc set up to cause those messages to be held for moderator approval.

> How?

If there's a line beginning 'Security: ' (note the space, and I think
it's case sensitive) in a pgsql-committers message then it'll get held
for moderator approval.  You'll see some examples as soon as Marc gets
around to releasing my commits from last week.  I thought Marc was going
to notify all the committers about the existence of this mechanism, but
I guess it didn't happen.

> Does it also work for pgfoundry commits?

AFAIK any traffic to pgsql-committers will be handled this way.  If
you've got other outlets for your commit messages then you need to take
it up with them.

> It should be sent to the slaves list I think, as JoshB said in his
> e-mail. It is closed subscription.

I could go with using either slaves or -packagers, though I'd lean to
the former as helping to avoid useless cross-chatter.  I think the
packagers have different concerns as a rule than the webfolk.

			regards, tom lane