Received: from localhost (maia-4.hub.org [200.46.204.183]) by postgresql.org (Postfix) with ESMTP id 503769FB2B9 for ; Mon, 5 Feb 2007 18:04:52 -0400 (AST) Received: from postgresql.org ([200.46.204.71]) by localhost (mx1.hub.org [200.46.204.183]) (amavisd-new, port 10024) with ESMTP id 54835-05 for ; Mon, 5 Feb 2007 18:04:49 -0400 (AST) X-Greylist: from auto-whitelisted by SQLgrey-1.7.4 Received: from sss.pgh.pa.us (sss.pgh.pa.us [66.207.139.130]) by postgresql.org (Postfix) with ESMTP id D91069FA0F6 for ; Mon, 5 Feb 2007 18:04:48 -0400 (AST) Received: from sss2.sss.pgh.pa.us (tgl@localhost [127.0.0.1]) by sss.pgh.pa.us (8.13.6/8.13.6) with ESMTP id l15M4kUY021525; Mon, 5 Feb 2007 17:04:46 -0500 (EST) To: Devrim GUNDUZ cc: "pgsql-www@postgresql.org" Subject: Re: How to coordinate web team for security releases? In-reply-to: <1170712415.3056.25.camel@laptop.gunduz.org> References: <200702051128.13819.josh@agliodbs.com> <45C78B00.4020203@hagander.net> <1170712415.3056.25.camel@laptop.gunduz.org> Comments: In-reply-to Devrim GUNDUZ message dated "Mon, 05 Feb 2007 23:53:35 +0200" Date: Mon, 05 Feb 2007 17:04:46 -0500 Message-ID: <21524.1170713086@sss.pgh.pa.us> From: Tom Lane X-Virus-Scanned: Maia Mailguard 1.0.1 X-Archive-Number: 200702/58 X-Sequence-Number: 11463 Devrim GUNDUZ writes: > * Upload the new tarballs to a private area (instead of public FTP site) > so that only packagers and other related people can download them to > build the packages, etc. We're not going to be able to make things really water-tight unless we are willing to close off CVS somehow; which is not an idea I favor. So I'm not particularly concerned about hiding tarballs --- especially since that's not something we'd do in a normal, non-security release cycle. As I said before, keeping it off the mailing lists is probably sufficient, and in any case has to be our first goal before we start worrying about any more-invasive procedural changes. regards, tom lane