Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL - Mailing list pgsql-hackers
From | Lamar Owen |
---|---|
Subject | Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL |
Date | |
Msg-id | 200208261440.54047.lamar.owen@wgcr.org Whole thread Raw |
In response to | Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL ("Dann Corbit" <DCorbit@connx.com>) |
Responses |
Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL
(Bruce Momjian <pgman@candle.pha.pa.us>)
|
List | pgsql-hackers |
On Monday 26 August 2002 02:23 pm, Dann Corbit wrote: > An alarmist style when posting a serious error is a good idea. > "Hey guys, I found a possible problem..." > Does not seem to generate the needed level of excitement. > DOS attacks means that business stops. I think that should generate a > furrowed brow, to say the least. The historical style on this list has avoided histrionics -- although I have myself been guilty of the hyperbole problem. Making a big stink in no wise guarantees it being heard, and may very well cause some to bristle, as Tom has done. It just doesn't fit the style of this list, that's all. > As long as the needed data is included (here is how to reproduce the > problem...) I don't see any problem. When you have to read and process nearly 1,000 e-mails a day (as I have had to do, although my average is a mere 400 or so per day), the subject line and the first screenful of the message will be looked at, and no more. The substance needs to be early in the message, and the subject needs to be short and descriptive. These are just simply traditions, protocols, and ettiquette for Internet mailing lists, as well as other fora such as Usenet. If someone wants me to pay attention to a message, the subject needs to be on the point, and the point needs to be early in the message. Otherwise I may simply be so rushed when it arrives in my mailboxen (more than one, as I have autorouting mail filters in place) that it gets ignored. I know I am not alone in processing mail this way. > > And dealing with a real name would be nice, IMHO. Otherwise > > we may end up > If he wants to call himself 'Sir Modred' or 'Donald Duck' or 'Jack the > Ripper' or whatever, I don't see how it matters. He is providing a > valuable service by location of serious problems. These are the sort of > thing that must be addressed. This is the *EXACT* sort of information > that is needed to make PostgreSQL become as robust as Oracle, > SQL*Server, DB/2, etc. I'm sorry, but I have more respect for someone who isn't afraid to use their real name. I've been on both sides of that fence. Even in the security business, where people routinely use pseudonyms, I personally prefer to know their real name. If I _know_ Aleph One is Elias Levy, then that's easy enough. If the information is easily available, then that's enough. So, it makes a difference to me, like it, lump it, or think it's insane. And, yes, I agree he IS providing a valuable service -- with that I have no complaints. But there is a distinct civility and culture to this list, and I'd like to see it stay that way. -- Lamar Owen WGCR Internet Radio 1 Peter 4:11
pgsql-hackers by date: