public inbox for [email protected]
From: Dave Page <[email protected]>
To: Tom Lane <[email protected]>
Cc: David Fetter <[email protected]>
Cc: Josh Berkus <[email protected]>
Cc: [email protected]
Cc: Marc G. Fournier <[email protected]>
Subject: Re: How to coordinate web team for security releases?
Date: Mon, 05 Feb 2007 21:58:25 +0000
Message-ID: <[email protected]>
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>

Tom Lane wrote:
>
> I see the leakage points in this case as being
>
> * Dave (and Devrim too) making commits that made it obvious something
> was afoot. They could and should have used the Security: filter that
> Marc set up to cause those messages to be held for moderator approval.

The pgInstaller CVS for sure - but that wouldn't have worked for the SVN
repo the docs are in. The messages from there go to pgadmin-hackers, so
I'm not quite so keen to keyword filter there unless the regexp is a
little more precise.

Marc; a commit message there might look like (without the lines):
=================================================================
Author: dpage
Date: 2007-02-05 20:28:43 +0000 (Mon, 05 Feb 2007)
New Revision: 5906
Revision summary:
http://svn.pgadmin.org/cgi-bin/viewcvs.cgi/?rev=5906&view=rev
Log:
Add a guru hint to warn the user of the consequences of storing
passwords, per Tony Caduto.
=================================================================

Can you hold messages to pgadmin-hackers with, say:
"view=rev\n\nLog:\nSecurity: " ?

> * Josh using pgsql-www to notify the web team. I had had the idea that
> pgsql-www was supposed to be closed-subscription, so I didn't think
> anything of it at the time, but that's evidently wrong. Fixing that
> leak is the point of this discussion.

No, we got lots of flak over it being closed so eventually gave up and
made it 'by approval' and then completely open.

-packagers will work though - can we get David Fetter subscribed, and my
own address approved if it still hasn't been. On a related note, I'm also
not sure if Hiroshi Saito ([email protected]) is subscribed (he
packages win32-ja) - if not, can we sort that at the same time please?

Regards, Dave.
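
The hold rule proposed in the message above, as an added example (not part of the original message and not the list's real filter configuration): the precise anchor compared with a loose keyword match. The sample messages are constructed, the blank line before "Log:" is assumed from the "\n\n" in the proposal, and revision 0000 is a placeholder.

```python
import re

# Dave's proposed literal, "view=rev\n\nLog:\nSecurity: ", as a regex.
# \r? also accepts CRLF line endings, which mail commonly carries in transit.
PRECISE = re.compile(r"view=rev\r?\n\r?\nLog:\r?\nSecurity: ")

# Loose keyword match, the kind that would also catch ordinary list traffic.
LOOSE = re.compile(r"Security:", re.IGNORECASE)


def should_hold(body, pattern=PRECISE):
    """True if the message body should be held for moderator approval."""
    return pattern.search(body) is not None


def commit_mail(rev, log, eol="\n"):
    """Constructed commit notification in the layout quoted in the message."""
    lines = [
        "Author: dpage",
        "New Revision: " + rev,
        "Revision summary:",
        "http://svn.pgadmin.org/cgi-bin/viewcvs.cgi/?rev=" + rev + "&view=rev",
        "",  # assumed blank line, taken from the "\n\n" in the proposal
        "Log:",
        log,
    ]
    return eol.join(lines) + eol


# Constructed samples; revision 0000 is a placeholder, not a real commit.
ORDINARY = commit_mail("5906", "Add a guru hint to warn the user of the "
                               "consequences of storing passwords.")
EMBARGOED = commit_mail("0000", "Security: placeholder text for a held fix.")
EMBARGOED_CRLF = commit_mail("0000", "Security: placeholder text.", eol="\r\n")
DISCUSSION = "Should the Security: prefix apply to docs commits as well?\n"

if __name__ == "__main__":
    samples = [("ordinary", ORDINARY), ("embargoed", EMBARGOED),
               ("embargoed-crlf", EMBARGOED_CRLF), ("discussion", DISCUSSION)]
    for name, body in samples:
        print(name, "precise:", should_hold(body), "loose:", should_hold(body, LOOSE))
```

The precise pattern holds only commit notifications whose log starts with the prefix, while the loose one also holds ordinary discussion mail that merely mentions it.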