Bruce Momjian wrote:
> I am not excited about referencing error numbers from someone else.
> We know our errors better than anyone else, so I don't see the point.
The point is, *we* might know our error numbers, but the rest of the
world doesn't.
And CVE isn't just "someone". A large number of security groups,
government agencies, and OS distributors are involved there. Using CVE
numbers, the public can, say, correlate bugtraq or CERT announcements
or Red Hat or Debian bugs to PostgreSQL patches and releases.
Copy-and-pasting the CVE number into the patch message or release note
entry really isn't that much to ask for that service.
--
Peter Eisentraut
http://developer.postgresql.org/~petere/
