Home > mailing lists

Re: Probably security hole in postgresql-7.4.1 - Mailing list pgsql-hackers

From	Greg Stark
Subject	Re: Probably security hole in postgresql-7.4.1
Date	May 12, 2004 17:21:30
Msg-id	87k6zhr287.fsf@stark.xeocode.com Whole thread Raw
In response to	Re: Probably security hole in postgresql-7.4.1 (Shachar Shemesh <psql@shemesh.biz>)
Responses	Re: Probably security hole in postgresql-7.4.1 (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

Shachar Shemesh <psql@shemesh.biz> writes:

> Also, if we want greater flexibility in handling these cases in the future, we
> should set up an invite-only list for reporting security bugs, and advertise it
> on the web site as the place to report security issues. Had this vulnerability
> been reported there, we could reasonably hold on without releasing a fix until
> 7.4.3 was ready.

A lot of people would be unhappy with that approach. A) they don't know the
people on the invite-only list and have no basis to trust them and B) Often
when a white hat reports the problem the black hats have known about it for
much longer already.

-- 
greg

pgsql-hackers by date:

From: Larry Rosenman
Date: 12 May 2004, 17:20:56
Subject: Re: threads stuff/UnixWare

From: Thomas Hallgren
Date: 12 May 2004, 17:48:13
Subject: Parser change needed?

Re: Probably security hole in postgresql-7.4.1 - Mailing list pgsql-hackers

Previous

Next