X-Original-To: pgsql-bugs-postgresql.org@localhost.postgresql.org
Received: from localhost (av.hub.org [200.46.204.144])
	by svr1.postgresql.org (Postfix) with ESMTP id B00ACD80AA;
	Fri, 25 Nov 2005 16:53:05 -0400 (AST)
Received: from svr1.postgresql.org ([200.46.204.71])
	by localhost (av.hub.org [200.46.204.144]) (amavisd-new, port 10024)
	with ESMTP id 84305-07; Fri, 25 Nov 2005 20:53:04 +0000 (GMT)
X-Greylist: delayed 00:09:47.654718 by SQLgrey-
X-Greylist: from auto-whitelisted by SQLgrey-
Received: from hogranch.com (hogranch.com [66.117.128.240])
	by svr1.postgresql.org (Postfix) with ESMTP id 80EC2D6810;
	Fri, 25 Nov 2005 16:53:00 -0400 (AST)
Received: from [192.168.0.2] (porker [192.168.0.2])
	by hogranch.com (8.11.6/8.11.6) with ESMTP id jAPKh1F23202;
	Fri, 25 Nov 2005 12:43:01 -0800
Message-ID: <43877750.5040504@hogranch.com>
Date: Fri, 25 Nov 2005 12:42:56 -0800
From: John R Pierce <pierce@hogranch.com>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Bruce Momjian <pgman@candle.pha.pa.us>
CC: Peter Eisentraut <peter_e@gmx.net>, pgsql-hackers@postgresql.org,
	Simon Riggs <simon@2ndquadrant.com>, Tom Lane <tgl@sss.pgh.pa.us>,
	Stephen Frost <sfrost@snowman.net>,
	Ferindo Middleton <fmiddleton@verizon.net>, pgsql-bugs@postgresql.org
Subject: Re: [HACKERS] BUG #2052: Federal Agency Tech Hub Refuses to
References: <200511252018.jAPKI1I28934@candle.pha.pa.us>
In-Reply-To: <200511252018.jAPKI1I28934@candle.pha.pa.us>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-HawgScanner-Information: Please contact the ISP for more information
X-HawgScanner: Found to be clean
X-Virus-Scanned: by amavisd-new at hub.org
X-Spam-Status: No, score=-8 required=5 tests=[HABEAS_ACCREDITED_COI=-8]
X-Spam-Score: -8
X-Spam-Level: 
X-Archive-Number: 200511/267
X-Sequence-Number: 13631

Bruce Momjian wrote:
> If someone wants to create a separate web page to track fixes related to
> CVE number, that is fine.  My guess is that most people reading the
> release notes don't care about the CVE numbers themselves (just that
> each release has all known security bugs fixed), and most bugs that are
> fixed don't have CVE numbers at commit time.

I think its quite reasonable for the one line description of a postgres 
bug to reference "CVE-2005-0247 multiple buffer overflows..." or 
whatever, I guess it kind of depends on which came first...  if the CVE 
security item came first, and was entered into the PGSQL bug tracker, 
then this makes a LOT of sense.  if the CVE folks create their entry 
AFTER the bug has been entered into PGSQL, it makes less sense.