> > > Unless somebody else wants to do this, I'll discuss on
> -www how we
> > > can get a page up on the .org site with this info on, so
> that we can
> > > be "CVE compatible".
> >
> > IMHO we should do that in any case, whether or not we
> mention CVEs in
> > our release notes or CVS logs in the future. So go for it...
>
> Can I suggest a new web page at
> http://www.postgresql.org/support/security
> with links from the support page and a ShortCut from the home
> page, called "Security Information".
>
> The main page title could be Security Information, modelled
> where appropriate on http://www.us.debian.org/security/ but
> not too closely.
I'm working on this. Will let you know when I have something ready to
look at.
Though I have it at /docs/security for now (with an intended symlink
from /security). Perhaps support is better? (trivial to move before the
initial commit..)
> Not sure of the submission process/guidelines/format. Can
> someone send me the link to the FAQ, cos I can't find it on
> the main wwweb site.
Submission of security bugs, or of pages to the web? ;-)
Security bugs info is in the actual documentation pages under reporting
bugs.
//Magnus
