Thread: My head is spinning
There is so much going on, I am having trouble keeping things straight. Just thought I would let everyone know. ;-) -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001+ If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania19073
On Thursday 22 August 2002 06:07 pm, Bruce Momjian wrote: > There is so much going on, I am having trouble keeping things straight. > Just thought I would let everyone know. ;-) Quite busy, eh? :-) Hey, Bruce, gyroscopes spin to keep them stable..... -- Lamar Owen WGCR Internet Radio 1 Peter 4:11
Lamar Owen wrote: > On Thursday 22 August 2002 06:07 pm, Bruce Momjian wrote: > > There is so much going on, I am having trouble keeping things straight. > > Just thought I would let everyone know. ;-) > > Quite busy, eh? :-) Yep. I don't know where to start. > Hey, Bruce, gyroscopes spin to keep them stable..... That doesn't seem to work for me. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001+ If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania19073
On Thursday 22 August 2002 10:40 pm, Bruce Momjian wrote: > Lamar Owen wrote: > > On Thursday 22 August 2002 06:07 pm, Bruce Momjian wrote: > > > There is so much going on, I am having trouble keeping things straight. > > > Just thought I would let everyone know. ;-) > > Quite busy, eh? :-) > Yep. I don't know where to start. Well, Ok, I think we're going in the right direction. The one thing I would like to see is a release target for 7.2.2. There is a substantial interest in our userbase for this, judging from a thread among OpenACS developers. Thus far it's not hit bigger news sites -- but I can tell you right now, with my media experience, that people will assume the worst -- and if/when this hits slashdot, we really need a response to 'whence 7.2.2'. BugTraq's one thing -- slashdot is another thing entirely. I'm quite surprized, in fact, it hasn't hit Linux Today, slashdot, or Linux Weekly News. When/if it does, *SHA-ZAM*. I'd personally like the news item to read 'PostgreSQL developers release security update' rather than 'Security hole found in PostgreSQL'. If push comes to shove I can push RPM's out Saturday, if the tarball is ready. If not, Monday morning at the earliest. > > Hey, Bruce, gyroscopes spin to keep them stable..... > That doesn't seem to work for me. Well, we've already seen kudos go out to Marc. I think a round of applause should also go to some other people -- but in particular Bruce has always done a fine job of getting the release ready for packaging. Not to take away from other's efforts, just maybe to help encourage someone else who is feeling overwhelmed (a couple hundred thousand lines of Fortran, a complete website redesign, a major renovation, and some major engineering/surveying work have my attention here... and that's just one job). -- Lamar Owen WGCR Internet Radio 1 Peter 4:11
Lamar Owen wrote: > On Thursday 22 August 2002 10:40 pm, Bruce Momjian wrote: > > Lamar Owen wrote: > > > On Thursday 22 August 2002 06:07 pm, Bruce Momjian wrote: > > > > There is so much going on, I am having trouble keeping things straight. > > > > Just thought I would let everyone know. ;-) > > > > Quite busy, eh? :-) > > > Yep. I don't know where to start. > > Well, Ok, I think we're going in the right direction. The one thing I would > like to see is a release target for 7.2.2. There is a substantial interest > in our userbase for this, judging from a thread among OpenACS developers. > Thus far it's not hit bigger news sites -- but I can tell you right now, with > my media experience, that people will assume the worst -- and if/when this > hits slashdot, we really need a response to 'whence 7.2.2'. BugTraq's one > thing -- slashdot is another thing entirely. I'm quite surprized, in fact, > it hasn't hit Linux Today, slashdot, or Linux Weekly News. When/if it does, > *SHA-ZAM*. I'd personally like the news item to read 'PostgreSQL developers > release security update' rather than 'Security hole found in PostgreSQL'. > > If push comes to shove I can push RPM's out Saturday, if the tarball is ready. > If not, Monday morning at the earliest. You bring up a good point. We don't want to appear reactive on this, we want to be proactive. The CVS is all ready for release, so there isn't anything holding us up except our quality control. > > > Hey, Bruce, gyroscopes spin to keep them stable..... > > > That doesn't seem to work for me. > > Well, we've already seen kudos go out to Marc. I think a round of applause > should also go to some other people -- but in particular Bruce has always > done a fine job of getting the release ready for packaging. Not to take away > from other's efforts, just maybe to help encourage someone else who is > feeling overwhelmed (a couple hundred thousand lines of Fortran, a complete > website redesign, a major renovation, and some major engineering/surveying > work have my attention here... and that's just one job). Thanks. It is just that I usually have control over all the open threads so I can know they are all tied up. Right now, I have a mailbox full of 1/2 discussed items that haven't been resolved. I will need to start reading all of them tomorrow and try to get closure on them. -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001+ If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania19073
On Thursday 22 August 2002 11:07 pm, Bruce Momjian wrote: > Lamar Owen wrote: > > Weekly News. When/if it does, *SHA-ZAM*. I'd personally like the news > > item to read 'PostgreSQL developers release security update' rather than > > 'Security hole found in PostgreSQL'. > You bring up a good point. We don't want to appear reactive on this, we > want to be proactive. The CVS is all ready for release, so there isn't > anything holding us up except our quality control. As to QA, I have REL7_2_STABLE coming down my dialup now. I'll try a test build (given the CVS versus dist tarball quirks -- I really need to duplicate the distribution scripts Marc has so that I can preroll tarballs from CVS here...) tonight or tomorrow and see where it leads. My biggest difficulty is merging any necessary RPM-specific patches -- and I have a couple of new ones to put in, particularly a set of ones to contrib from Peter that I've not yet merged in. > Thanks. It is just that I usually have control over all the open threads > so I can know they are all tied up. Right now, I have a mailbox full of > 1/2 discussed items that haven't been resolved. I will need to start > reading all of them tomorrow and try to get closure on them. Keeping 7.3 and 7.2.2 issues separate is going to be a challenge -- but we always knew there'd be this possibility. I _know_ my build environment isn't set up to parallel QA releases. And with Sep 1 nearing, I really need to get my act together on building pre-7.3... -- Lamar Owen WGCR Internet Radio 1 Peter 4:11
On Thursday 22 August 2002 11:07 pm, Bruce Momjian wrote: > Lamar Owen wrote: > > Weekly News. When/if it does, *SHA-ZAM*. I'd personally like the news > > item to read 'PostgreSQL developers release security update' rather than > > 'Security hole found in PostgreSQL'. > You bring up a good point. We don't want to appear reactive on this, we > want to be proactive. The CVS is all ready for release, so there isn't > anything holding us up except our quality control. Well, it _has_ been placed on LWN under the moniker 'Multiple buffer overflows in PostgreSQL'. Not good, as everyone who claims to be a security expert *knows* that all buffer overflows are the bane of a secure system.... It isn't a headline item, though -- which is why it took me a minute to find it. But even LWN isn't slashdot. It would be nice if we've dodged that bullet. -- Lamar Owen WGCR Internet Radio 1 Peter 4:11
Lamar Owen <lamar.owen@wgcr.org> writes: > BugTraq's one thing -- slashdot is another thing entirely. I'm > quite surprized, in fact, it hasn't hit Linux Today, slashdot, or > Linux Weekly News. I'd be very surprised if it is mentioned on Slashdot (LWN + Linuxtoday carry routine security advisories, so they'll probably have it at some point). The security problem is *not* that serious. > If push comes to shove I can push RPM's out Saturday, if the tarball > is ready. If not, Monday morning at the earliest. I'd say release the RPMs when they are ready, a couple days won't make a big difference either way. Given that the only remotely serious hole (the datetime bug) has been public knowledge for a matter of weeks, there's not a lot of point to panicking at this point. Cheers, Neil -- Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC
On Thursday 22 August 2002 11:42 pm, Neil Conway wrote: > Lamar Owen <lamar.owen@wgcr.org> writes: > > If push comes to shove I can push RPM's out Saturday, if the tarball > > is ready. If not, Monday morning at the earliest. > I'd say release the RPMs when they are ready, a couple days won't make > a big difference either way. Given that the only remotely serious hole > (the datetime bug) has been public knowledge for a matter of weeks, > there's not a lot of point to panicking at this point. Oh, I'm not panicking. I just try my best to release RPM's as close to coincident to the tarball release as possible. Otherwise I get complaints. And you're right -- the security issue itself isn't that serious (as I have posted to both BugTraq and the OpenACS forum) -- but remember the mindset of the typical slashdot reader. -- Lamar Owen WGCR Internet Radio 1 Peter 4:11
On Thu, 22 Aug 2002, Bruce Momjian wrote: > Lamar Owen wrote: > > Hey, Bruce, gyroscopes spin to keep them stable..... > > That doesn't seem to work for me. Not spinning fast enough? Hey, I know. Let's stand him on his head! Vince. -- ========================================================================== Vince Vielhaber -- KA8CSH email: vev@michvhf.com http://www.pop4.net 56K Nationwide Dialup from $16.00/mo atPop4 Networking http://www.camping-usa.com http://www.cloudninegifts.com http://www.meanstreamradio.com http://www.unknown-artists.com ==========================================================================