On Fri, 2005-11-25 at 14:18 -0500, Tom Lane wrote:
> Simon Riggs <simon@2ndquadrant.com> writes:
> > Unless somebody else wants to do this, I'll discuss on -www how we can
> > get a page up on the .org site with this info on, so that we can be "CVE
> > compatible".
>
> IMHO we should do that in any case, whether or not we mention CVEs
> in our release notes or CVS logs in the future. So go for it...
Can I suggest a new web page at
http://www.postgresql.org/support/security
with links from the support page and a ShortCut from the home page,
called "Security Information".
The main page title could be Security Information, modelled where
appropriate on http://www.us.debian.org/security/ but not too closely.
We can put a link to this from release notes, so they will by reference
include the security information.
Not sure of the submission process/guidelines/format. Can someone send
me the link to the FAQ, cos I can't find it on the main wwweb site.
Best Regards, Simon Riggs