Re: Problem with OpenSCG downloads
Jim Mlodgenski <jimmy76@gmail.com>
From: Jim Mlodgenski <jimmy76@gmail.com>
To: Magnus Hagander <magnus@hagander.net>
Cc: Bruce Momjian <bruce@momjian.us>, Andres Freund <andres@anarazel.de>, Justin Clift <justin@postgresql.org>,
PostgreSQL www <pgsql-www@postgresql.org>
Date: 2018-08-17T12:35:28Z
Lists: pgsql-hackers
On Fri, Aug 17, 2018 at 3:48 AM, Magnus Hagander <magnus@hagander.net> wrote: > > > On Fri, Aug 17, 2018 at 4:39 AM, Bruce Momjian <bruce@momjian.us> wrote: > >> On Thu, Aug 16, 2018 at 09:25:36AM -0700, Andres Freund wrote: >> > On 2018-08-16 16:32:00 +0100, Justin Clift wrote: >> > > On 2018-08-16 16:25, Andres Freund wrote: >> > > > FWIW, I find this pretty damning given that there's been new >> security >> > > > release for a week: You've added no notes about it to the bigsql >> > > > download page. Pinged nobody, to get the downloadlinks temporarily >> > > > adorned with a warning on the pg site. And then there's the issue >> that >> > > > the dates besides the releases on the download page are referencing >> the >> > > > date of the newest set of minor releases, but aren't actually new. >> > > > >> > > > This is ridiculously intransparent. >> > > >> > > Is it fairly simple for us to just comment out/remove the links for >> now? >> > > >> > > We don't want to be pointing people to software with known security >> issues. >> > > >> > > We can put the links back in when the updated downloads are in place. >> :) >> > >> > Probably don't want to remove them entirely, it might prevent people >> > from upgrading from an even older release with more serious issues. But >> > a red warning seems appropriate. >> >> Agreed. We need to do something _now_, and the fact that we are having >> to discover this instead of OpenSCG telling us is a good reason to >> suspect the use of this download site in the future. >> >> Looking at their website now, does it show they now have the proper >> binaries? >> >> https://www.openscg.com/bigsql/postgresql/installers/ >> >> PostgreSQL 10.5 - Stable (09-Aug-18) >> >> postgresql-10.5-win64.exe >> postgresql-10.5-osx64.dmg >> >> > Per the filenames it looks like they do. But the dates are still backdated > on them? > > Jim, any confirmation on the status? > > Yes, we pushed the latest installers last night. The reason for the back date is because we did post new binaries on Aug-9, but didn't post the new installers until last night. That meant that existing users of the installers would get the latest updates posted on Aug-9 if they checked for updates through the mechanism of their existing install. Also, if new users installed the older version, at the end they would see there are updates available if they checked. The server we used to wrap the installers was down which caused the delay. Sorry for the trouble and we'll be much more proactive of letting everyone know if we have any difficulty in the future which I don't anticipate happening.
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Remove test for VA_ARGS, implied by C99.
- 8ecdefc261ab 12.0 landed
-
Introduce minimal C99 usage to verify compiler support.
- 143290efd079 12.0 landed
-
Require C99 (and thus MSCV 2013 upwards).
- d9dd406fe281 12.0 landed
-
Require a C99-compliant snprintf(), and remove related workarounds.
- e1d19c902e59 12.0 landed
-
Try to enable C99 in configure, but do not rely on it (yet).
- 86d78ef50e01 12.0 landed
-
Make snprintf.c follow the C99 standard for snprintf's result value.
- c2a2e331da17 9.6.11 landed
- 1811900b933c 10.6 landed
- 36147ec9f1e2 11.0 landed
- a57a6faf6011 9.3.25 landed
- 27c4b0899c0e 9.4.20 landed
- 8e9f229d2bf6 9.5.15 landed
- 805889d7d23f 12.0 landed
-
Clean up assorted misuses of snprintf()'s result value.
- d7ed4eea539d 11.0 landed
- d371efb39c33 9.4.20 landed
- c81062e8e12f 9.5.15 landed
- c182c1e0b895 9.6.11 landed
- 6101bc2f459c 10.6 landed
- 3531365de5e8 9.3.25 landed
- cc4f6b778618 12.0 landed