Date: Mon, 21 Nov 2005 19:00:15 -0500
From: Ferindo Middleton Jr
Subject: Re: BUG #2052: Federal Agency Tech Hub Refuses to Accept
To: Tom Lane
Cc: pgsql-bugs@postgresql.org, mha@sollentuna.net, sfrost@snowman.net

Tom Lane wrote:
> "Ferindo Middleton" writes:
>> This bug report involves more than one proposed bug. I work at a federal
>> government agency. The information technology division at this agency
>> refuses to allow the database version 8.0.4 on their network because of
>> several security vulnerabilities they noticed when testing the software
>> application.
>
> They obviously haven't "tested" anything --- they are merely reading the
> CVE reports for old Postgres versions. All known CVE problems are
> resolved in 8.0.4.
>
> (If they were actually serious about security, they wouldn't be letting
> you run Windows 2000 inside their network, but I digress.)
>
> regards, tom lane

Thanks for your support with this. I had presented the IT support team
at this agency with the information you all provided that these
CVEs/bugs were resolved in previous versions to 8.0.4 and they suddenly
argued that it wasn't the CVEs that were the problem (without admitting
that they never really tested 8.0.4 in the first place)... I'm sorry if I
wasted anybody's time or irritated anyone by assuming that these bugs
were actually valid in 8.0.4... I'm starting to get tied up in a bunch of
bureaucratic tape dealing with these people. I think they're just scared
of having to deal with the support overhead they think they'll have to
assume if they introduce another DBMS on their network...

Thank you,
Ferindo Middleton