On Thu, 22 Aug 2002, Tom Lane wrote:
> Justin Clift <justin@postgresql.org> writes:
> > It probably makes sense to wait about a week until releasing 7.2.2, even
> > if we get assembled anything else that is needed.
>
> I think we should go ahead and push it out; by the end of next week
> we'll be trying to wrap 7.3 beta, and the confusion factor for pushing
> out two releases at the same time will be much too high.
>
> I think it is fairly unlikely that we will find anything else in the
> next week that is exploitable indirectly through a web-app in the same
> way that the date buffer overrun bug could be. Most of the sorts of
> bugs that I'm expecting to hear about will require being able to issue
> SQL commands --- and if someone can issue arbitrary SQL commands, there
> are plenty of ways to create a DOS situation.
And, worse comes to worse, we *can* issue a v7.2.3 if further security
issues are found before v7.3 is fully released ...
