Re: Problem with OpenSCG downloads
Bruce Momjian <bruce@momjian.us>
From: Bruce Momjian <bruce@momjian.us>
To: Andres Freund <andres@anarazel.de>
Cc: Justin Clift <justin@postgresql.org>, PostgreSQL www <pgsql-www@postgresql.org>
Date: 2018-08-17T02:39:11Z
Lists: pgsql-hackers
On Thu, Aug 16, 2018 at 09:25:36AM -0700, Andres Freund wrote: > On 2018-08-16 16:32:00 +0100, Justin Clift wrote: > > On 2018-08-16 16:25, Andres Freund wrote: > > > FWIW, I find this pretty damning given that there's been new security > > > release for a week: You've added no notes about it to the bigsql > > > download page. Pinged nobody, to get the downloadlinks temporarily > > > adorned with a warning on the pg site. And then there's the issue that > > > the dates besides the releases on the download page are referencing the > > > date of the newest set of minor releases, but aren't actually new. > > > > > > This is ridiculously intransparent. > > > > Is it fairly simple for us to just comment out/remove the links for now? > > > > We don't want to be pointing people to software with known security issues. > > > > We can put the links back in when the updated downloads are in place. :) > > Probably don't want to remove them entirely, it might prevent people > from upgrading from an even older release with more serious issues. But > a red warning seems appropriate. Agreed. We need to do something _now_, and the fact that we are having to discover this instead of OpenSCG telling us is a good reason to suspect the use of this download site in the future. Looking at their website now, does it show they now have the proper binaries? https://www.openscg.com/bigsql/postgresql/installers/ PostgreSQL 10.5 - Stable (09-Aug-18) postgresql-10.5-win64.exe postgresql-10.5-osx64.dmg -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Remove test for VA_ARGS, implied by C99.
- 8ecdefc261ab 12.0 landed
-
Introduce minimal C99 usage to verify compiler support.
- 143290efd079 12.0 landed
-
Require C99 (and thus MSCV 2013 upwards).
- d9dd406fe281 12.0 landed
-
Require a C99-compliant snprintf(), and remove related workarounds.
- e1d19c902e59 12.0 landed
-
Try to enable C99 in configure, but do not rely on it (yet).
- 86d78ef50e01 12.0 landed
-
Make snprintf.c follow the C99 standard for snprintf's result value.
- c2a2e331da17 9.6.11 landed
- 1811900b933c 10.6 landed
- 36147ec9f1e2 11.0 landed
- a57a6faf6011 9.3.25 landed
- 27c4b0899c0e 9.4.20 landed
- 8e9f229d2bf6 9.5.15 landed
- 805889d7d23f 12.0 landed
-
Clean up assorted misuses of snprintf()'s result value.
- d7ed4eea539d 11.0 landed
- d371efb39c33 9.4.20 landed
- c81062e8e12f 9.5.15 landed
- c182c1e0b895 9.6.11 landed
- 6101bc2f459c 10.6 landed
- 3531365de5e8 9.3.25 landed
- cc4f6b778618 12.0 landed