On Sun, 2005-11-27 at 21:52 +0100, Magnus Hagander wrote:
..Tom Lane wrote
> > I think the bit about "Our goal is to gain and maintain
> > CVE-compatible status" is bogus. As near as I can tell,
> > Mitre's definition of CVE compatibility applies to security
> > products (eg, vulnerability scanners) which Postgres is not.
>
> Um. Not really - products like Debian are CVE compatible
> (http://www.us.debian.org/security/cve-compatibility), so it's not just
> for security products.
>
> > You could maybe say that this one web page is something that
> > could apply for CVE compatibility status, but are we going to
> > jump through those hoops for one web page? Nyet.
>
> Right. I'll take that off until such a time as we're further along that
> process (see Simons mails).
I'll re-raise this as a separate item, later; one step at a time.
> Looks better now?
And the first step looks very good now.
Best Regards, Simon Riggs
