Date: Tue, 6 Feb 2007 01:14:44 +0300 (MSK)
From: Oleg Bartunov
To: Tom Lane
cc: Devrim GUNDUZ, "pgsql-www@postgresql.org"
Subject: Re: How to coordinate web team for security releases?
In-Reply-To: <21524.1170713086@sss.pgh.pa.us>

On Mon, 5 Feb 2007, Tom Lane wrote:

> Devrim GUNDUZ writes:
>> * Upload the new tarballs to a private area (instead of public FTP site)
>> so that only packagers and other related people can download them to
>> build the packages, etc.
>
> We're not going to be able to make things really water-tight unless we
> are willing to close off CVS somehow; which is not an idea I favor.
> So I'm not particularly concerned about hiding tarballs --- especially
> since that's not something we'd do in a normal, non-security release
> cycle. As I said before, keeping it off the mailing lists is probably
> sufficient, and in any case has to be our first goal before we start
> worrying about any more-invasive procedural changes.

I hope we will not go beyond this.

BTW, how do other OSS projects manage releases? Inkscape, for example, just didn't announce its 0.45 release, but all tarballs were available from the SourceForge site.

Regards,
Oleg
_____________________________________________________________
Oleg Bartunov, Research Scientist, Head of AstroNet (www.astronet.ru),
Sternberg Astronomical Institute, Moscow University, Russia
Internet: oleg@sai.msu.su, http://www.sai.msu.su/~megera/
phone: +007(495)939-16-83, +007(495)939-23-83