Tom Lane wrote:
> "Ferindo Middleton" <fmiddleton@verizon.net> writes:
>=20=20=20
>> This bug report involves more than one proposed bug. I work at a federal
>> government agency. The information technology division at this agency
>> refuses to allow the database version 8.0.4 on their network because of
>> several security vulnerabilities they noticed when testing the software
>> application.
>>=20=20=20=20=20
>
> They obviously haven't "tested" anything --- they are merely reading the
> CVE reports for old Postgres versions. All known CVE problems are
> resolved in 8.0.4.
>
> (If they were actually serious about security, they wouldn't be letting
> you run Windows 2000 inside their network, but I digress.)
>
> regards, tom lane
>
>=20=20=20
Thanks for your support with this. I had presented the IT support team=20
at this agency with the information you all provided that these=20
CVEs/bugs were resolved in previous versions to 8.0.4 and they suddenly=20
argued that it wasn=92t the CVE=92s that were the problem (without admittin=
g=20
that they never really tested 8.0.4 in the first place)=85 I=92m sorry if I=
=20
wasted anybody=92s time or irritated anyone by assuming that these bugs=20
were actually valid in 8.0.4=85 I=92m starting to get tied up in a bunch of=
=20
bureaucratic tape dealing with these people. I think their just scared=20
of having to deal with the support overhead they think they'll have to=20
assume if they introduce another DBMS on their network=85
Thank you,
Ferindo Middleton
