Received: from localhost (maia-1.hub.org [200.46.204.191])
	by postgresql.org (Postfix) with ESMTP id DA39E9FA4CA
	for <pgsql-www-postgresql.org@postgresql.org>;
	Mon,  5 Feb 2007 17:04:11 -0400 (AST)
Received: from postgresql.org ([200.46.204.71])
	by localhost (mx1.hub.org [200.46.204.191]) (amavisd-new, port 10024)
	with ESMTP id 09462-10 for <pgsql-www-postgresql.org@postgresql.org>;
	Mon,  5 Feb 2007 17:04:08 -0400 (AST)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.4
Received: from tinlc.com (unknown [72.18.206.65])
	by postgresql.org (Postfix) with ESMTP id 0D5C69FA06E
	for <pgsql-www@postgresql.org>; Mon,  5 Feb 2007 17:04:09 -0400 (AST)
Received: from [127.0.0.1] (helo=localhost) by tinlc.com with smtp (Exim 4.60)
	(envelope-from <greg@turnstep.com>)
	id 1HEB3c-0003nI-Rk; Mon, 05 Feb 2007 16:07:24 -0500
From: "Greg Sabino Mullane" <greg@turnstep.com>
To: pgsql-www@postgresql.org
Subject: Re: How to coordinate web team for security releases?
X-PGP-Key: 2529 DF6A B8F7 9407 E944  45B4 BC9B 9067 1496 4AC8
X-Request-PGP: 
 http://www.biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
In-Reply-To: <45C78F8E.60208@postgresql.org>
Date: Mon,  5 Feb 2007 21:07:24 -0000
X-Mailer: JoyMail 2.01
Message-ID: <68f661154ca35b7a0afed9b83cd3ff3c@biglumber.com>
X-Virus-Scanned: Maia Mailguard 1.0.1
X-Archive-Number: 200702/45
X-Sequence-Number: 11450


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


Dave Page wrote:
>> What we also need is a better way to update the mirrors in a timely manner.

> I don't see how we can do that unless we persuade all the mirrors to
> update more than once per day, which I doubt the larger ones will do.

Well, I was thinking more in terms of something in addition to the daily update,
such as an hourly (or less) check that would pull in any high-priority changes[1].
Seems that most of the time-sensitive changes we've needed affect a very small
subset of the pages and should not be a traffic concern. The good thing about
such a system is that we would not even need 100% buy-in right away - the ones
not implementing it would still get the daily update. Eventually we'd want to
strongly encourage everyone to use it, of course.

[1] Indication of a need to pull in changes could be as simple as an atomic
number stored in a text file somewhere, or by a list of files and timeststamps,
or something else simple yet low traffic.

- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200702051602
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
-----BEGIN PGP SIGNATURE-----

iD8DBQFFx5ufvJuQZxSWSsgRA4SbAKCDm3AGz4+HNHxLGX/mViiLJ93XywCgxiSA
U9pGW39bEZpfOZwVr4EQe0M=
=G7T+
-----END PGP SIGNATURE-----