Postgres Pro
Downloads
Home   >   mailing lists

Re: CVE Links are broken on the PG 10.1 news page - Mailing list pgsql-www

From Magnus Hagander
Subject Re: CVE Links are broken on the PG 10.1 news page
Date
Msg-id CABUevEx-EWXCgOjjpz_JoO99PusQUYcgxxHKJGuYyCktiZ7_wg@mail.gmail.com
Whole thread Raw
In response to Re: CVE Links are broken on the PG 10.1 news page  ("Jonathan S. Katz" <jkatz@postgresql.org>)
List pgsql-www
Tree view
On Fri, Nov 10, 2017 at 5:55 PM, Jonathan S. Katz <jkatz@postgresql.org> wrote:

> On Nov 10, 2017, at 11:32 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> Magnus Hagander <magnus@hagander.net> writes:
>> On Fri, Nov 10, 2017 at 2:56 PM, Daniel Gustafsson <daniel@yesql.se> wrote:
>>> On 10 Nov 2017, at 12:14, Damien Clochard <damien@dalibo.info> wrote:
>>>> The 3 CVE links lead to a 404 page on RH website :
>>>> https://access.redhat.com/security/cve/CVE-2017-12172
>>>> https://access.redhat.com/security/cve/CVE-2017-15098
>>>> https://access.redhat.com/security/cve/CVE-2017-15099
>
>>> Even better would probably be to not make them actual links until the
>>> target URL exists.
>
>> We used to do it that way. Which then meant they usually didn't get updated
>> until the next round of releases, because it got forgotten :/
>
> FWIW, I see that -12172 just got de-embargoed.  Probably the other two
> will follow shortly.

Interestingly enough, when I checked post-release yesterday, they were available, so they must have been re-embargoed shortly thereafter.

I think the right thing to do here will materialize itself once I have finished off the branch which databaseifies the list. When we've reached that point we can have a cronjob that pings the redhat urls and turns it into a link only once they stop returning 404.

Until then I think we're best off just keeping it the way it is now. 


--

pgsql-www by date:

Previous
From: "Jonathan S. Katz"
Date:
Subject: Re: CVE Links are broken on the PG 10.1 news page
Next
From: Vỹ Phan
Date:
Subject: Wiki editor request