Re: recent security activity
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Neil Conway <neilc@samurai.com>
Cc: Greg Copeland <greg@CopelandConsulting.Net>, "Thomas O'Connell" <tfo@monsterlabs.com>, PostgresSQL Hackers Mailing List <pgsql-hackers@postgresql.org>
Date: 2002-08-22T23:07:05Z
Lists: pgsql-hackers
Neil Conway <neilc@samurai.com> writes: > Would the purpose of the list be for publicizing vulnerabilities and > patches, or for the discussion of potential security problems, code > auditing, and related development activity? > If the former, I think pgsql-announce is adequate for that purpose. If > the latter, I'd rather see that kind of discussion on -hackers, so > that other developers are aware of what's going on. Also worth noting in this connection: if someone wants to report a security issue to the developers *without* publicizing it (as used to be considered good form), you can send to the pgsql-core mailing list. This goes to just the core committee members and is not archived anywhere public. I tend to agree with Neil that a separate -security list isn't needed, but will not stand in the way if there's sufficient interest. regards, tom lane