Thread: Postgres upgrade, security release, where?
So It was announced that there would be a security patch for all versions released on the 4th. I see it's been announced/released on the website, but the versions available show Feb dates.
Should the source be current? Or does it take a while for source and other to be made available?Figured if the site says released, it should be available.
Tory
 postgresql-9.2.3.tar.bz2 | 2013-02-07 10:25:10 | 15.6 MB |
| postgresql-9.2.3.tar.bz2.md5 | 2013-02-07 10:25:10 | 59 bytes |
| postgresql-9.2.3.tar.gz | 2013-02-07 10:25:12 | 20.5 MB |
| postgresql-9.2.3.tar.gz.md5 | 2013-02-07 10:25:13 | 58 bytes |
On Mon, Apr 1, 2013 at 05:10:22PM -0700, Tory M Blue wrote: > So It was announced that there would be a security patch for all versions > released on the 4th. I see it's been announced/released on the website, but the > versions available show Feb dates. > > Should the source be current? Or does it take a while for source and other to > be made available? > > Figured if the site says released, it should be available. > > Thanks > Tory > > postgresql-9.2.3.tar.bz2 2013-02-07 15.6 > postgresql-9.2.3.tar.bz2 10:25:10 MB > postgresql-9.2.3.tar.bz2.md5 2013-02-07 59 > postgresql-9.2.3.tar.bz2.md5 10:25:10 bytes > postgresql-9.2.3.tar.gz postgresql-9.2.3.tar.gz 2013-02-07 20.5 > 10:25:12 MB > postgresql-9.2.3.tar.gz.md5 2013-02-07 58 > postgresql-9.2.3.tar.gz.md5 10:25:13 bytes Due to the security nature of the release, the source and binaries will only be publicly available on April 4 --- there are no pre-release versions available. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. +
2013/4/2 Bruce Momjian <bruce@momjian.us>: > On Mon, Apr 1, 2013 at 05:10:22PM -0700, Tory M Blue wrote: >> So It was announced that there would be a security patch for all versions >> released on the 4th. I see it's been announced/released on the website, but the >> versions available show Feb dates. >> >> Should the source be current? Or does it take a while for source and other to >> be made available? >> >> Figured if the site says released, it should be available. >> >> Thanks >> Tory >> >> postgresql-9.2.3.tar.bz2 2013-02-07 15.6 >> postgresql-9.2.3.tar.bz2 10:25:10 MB >> postgresql-9.2.3.tar.bz2.md5 2013-02-07 59 >> postgresql-9.2.3.tar.bz2.md5 10:25:10 bytes >> postgresql-9.2.3.tar.gz postgresql-9.2.3.tar.gz 2013-02-07 20.5 >> 10:25:12 MB >> postgresql-9.2.3.tar.gz.md5 2013-02-07 58 >> postgresql-9.2.3.tar.gz.md5 10:25:13 bytes > > Due to the security nature of the release, the source and binaries will > only be publicly available on April 4 --- there are no pre-release > versions available. The PostgreSQL homepage has a big announcement saying "PostgreSQL minor versions released!", including a mention of a "security issue"; unfortunately it's not obvious that this is for the prior 9.2.3 release and as the announcement of the upcoming security release ( http://www.postgresql.org/about/news/1454/ ) does not mention the new release number, methinks there is plenty of room for confusion :( It might be an idea to update the "splash box" with details of the upcoming release. Regards Ian Barwick
On Tue, Apr 2, 2013 at 09:40:07AM +0900, Ian Lawrence Barwick wrote: > > Due to the security nature of the release, the source and binaries will > > only be publicly available on April 4 --- there are no pre-release > > versions available. > > The PostgreSQL homepage has a big announcement saying > "PostgreSQL minor versions released!", including a mention of a > "security issue"; > unfortunately it's not obvious that this is for the prior 9.2.3 release and as > the announcement of the upcoming security release > ( http://www.postgresql.org/about/news/1454/ ) does not mention the > new release number, methinks there is plenty of room for confusion :( > > It might be an idea to update the "splash box" with details of the upcoming > release. I agree updating the "spash box" would make sense. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. +
On Mon, Apr 1, 2013 at 5:55 PM, Bruce Momjian <bruce@momjian.us> wrote:
On Tue, Apr 2, 2013 at 09:40:07AM +0900, Ian Lawrence Barwick wrote:
> > Due to the security nature of the release, the source and binaries will
> > only be publicly available on April 4 --- there are no pre-release
> > versions available.
>
> The PostgreSQL homepage has a big announcement saying
> "PostgreSQL minor versions released!", including a mention of a
> "security issue";
> unfortunately it's not obvious that this is for the prior 9.2.3 release and as
> the announcement of the upcoming security release
> ( http://www.postgresql.org/about/news/1454/ ) does not mention the
> new release number, methinks there is plenty of room for confusion :(
>
> It might be an idea to update the "splash box" with details of the upcoming
> release.
>I agree updating the "spash box" would make sense.
Thanks all
My confusion was due to the fact that the other day there was a splash box or other indication regarding the security fix release of April 4th and when I went back today (just because), the message had changed citing there was a security fix etc and no mention of a major fix coming in a few days.
My apologies for the confusion
Tory
My confusion was due to the fact that the other day there was a splash box or other indication regarding the security fix release of April 4th and when I went back today (just because), the message had changed citing there was a security fix etc and no mention of a major fix coming in a few days.
My apologies for the confusion
Tory
On 02/04/13 13:55, Bruce Momjian wrote: > On Tue, Apr 2, 2013 at 09:40:07AM +0900, Ian Lawrence Barwick wrote: >>> Due to the security nature of the release, the source and binaries will >>> only be publicly available on April 4 --- there are no pre-release >>> versions available. >> >> The PostgreSQL homepage has a big announcement saying >> "PostgreSQL minor versions released!", including a mention of a >> "security issue"; >> unfortunately it's not obvious that this is for the prior 9.2.3 release and as >> the announcement of the upcoming security release >> ( http://www.postgresql.org/about/news/1454/ ) does not mention the >> new release number, methinks there is plenty of room for confusion :( >> >> It might be an idea to update the "splash box" with details of the upcoming >> release. > > I agree updating the "spash box" would make sense. > Or perhaps include a date on said splashes, so we know when to panic :-)
On Mon, Apr 1, 2013 at 11:43 PM, Mark Kirkwood <mark.kirkwood@catalyst.net.nz> wrote: > On 02/04/13 13:55, Bruce Momjian wrote: >> >> On Tue, Apr 2, 2013 at 09:40:07AM +0900, Ian Lawrence Barwick wrote: >>>> >>>> Due to the security nature of the release, the source and binaries will >>>> only be publicly available on April 4 --- there are no pre-release >>>> versions available. >>> >>> >>> The PostgreSQL homepage has a big announcement saying >>> "PostgreSQL minor versions released!", including a mention of a >>> "security issue"; >>> unfortunately it's not obvious that this is for the prior 9.2.3 release >>> and as >>> the announcement of the upcoming security release >>> ( http://www.postgresql.org/about/news/1454/ ) does not mention the >>> new release number, methinks there is plenty of room for confusion :( >>> >>> It might be an idea to update the "splash box" with details of the >>> upcoming >>> release. >> >> >> I agree updating the "spash box" would make sense. >> > > Or perhaps include a date on said splashes, so we know when to panic :-) I've added the date to the splash. You can cease panicing now :-) -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company
On 02/04/13 21:34, Dave Page wrote: > On Mon, Apr 1, 2013 at 11:43 PM, Mark Kirkwood > <mark.kirkwood@catalyst.net.nz> wrote: >> On 02/04/13 13:55, Bruce Momjian wrote: >>> >>> On Tue, Apr 2, 2013 at 09:40:07AM +0900, Ian Lawrence Barwick wrote: >>>>> >>>>> Due to the security nature of the release, the source and binaries will >>>>> only be publicly available on April 4 --- there are no pre-release >>>>> versions available. >>>> >>>> >>>> The PostgreSQL homepage has a big announcement saying >>>> "PostgreSQL minor versions released!", including a mention of a >>>> "security issue"; >>>> unfortunately it's not obvious that this is for the prior 9.2.3 release >>>> and as >>>> the announcement of the upcoming security release >>>> ( http://www.postgresql.org/about/news/1454/ ) does not mention the >>>> new release number, methinks there is plenty of room for confusion :( >>>> >>>> It might be an idea to update the "splash box" with details of the >>>> upcoming >>>> release. >>> >>> >>> I agree updating the "spash box" would make sense. >>> >> >> Or perhaps include a date on said splashes, so we know when to panic :-) > > I've added the date to the splash. You can cease panicing now :-) > ...wipes forehead...
On 02/04/13 21:47, Mark Kirkwood wrote: > On 02/04/13 21:34, Dave Page wrote: >> On Mon, Apr 1, 2013 at 11:43 PM, Mark Kirkwood >> <mark.kirkwood@catalyst.net.nz> wrote: >>> On 02/04/13 13:55, Bruce Momjian wrote: >>>> >>>> On Tue, Apr 2, 2013 at 09:40:07AM +0900, Ian Lawrence Barwick wrote: >>>>>> >>>>>> Due to the security nature of the release, the source and binaries >>>>>> will >>>>>> only be publicly available on April 4 --- there are no pre-release >>>>>> versions available. >>>>> >>>>> >>>>> The PostgreSQL homepage has a big announcement saying >>>>> "PostgreSQL minor versions released!", including a mention of a >>>>> "security issue"; >>>>> unfortunately it's not obvious that this is for the prior 9.2.3 >>>>> release >>>>> and as >>>>> the announcement of the upcoming security release >>>>> ( http://www.postgresql.org/about/news/1454/ ) does not mention the >>>>> new release number, methinks there is plenty of room for confusion :( >>>>> >>>>> It might be an idea to update the "splash box" with details of the >>>>> upcoming >>>>> release. >>>> >>>> >>>> I agree updating the "spash box" would make sense. >>>> >>> >>> Or perhaps include a date on said splashes, so we know when to panic :-) >> >> I've added the date to the splash. You can cease panicing now :-) >> > > ...wipes forehead... > Nice - but at the risk of seeming ungrateful, it would be good to know what timezone said date referred to...in case people were waiting on an important announcement or something... :-)
2013/4/4 Mark Kirkwood <mark.kirkwood@catalyst.net.nz>: > On 02/04/13 21:47, Mark Kirkwood wrote: >> >> On 02/04/13 21:34, Dave Page wrote: >>> >>> On Mon, Apr 1, 2013 at 11:43 PM, Mark Kirkwood >>> <mark.kirkwood@catalyst.net.nz> wrote: >>>> >>>> On 02/04/13 13:55, Bruce Momjian wrote: >>>>> >>>>> >>>>> On Tue, Apr 2, 2013 at 09:40:07AM +0900, Ian Lawrence Barwick wrote: >>>>>>> >>>>>>> >>>>>>> Due to the security nature of the release, the source and binaries >>>>>>> will >>>>>>> only be publicly available on April 4 --- there are no pre-release >>>>>>> versions available. >>>>>> >>>>>> >>>>>> >>>>>> The PostgreSQL homepage has a big announcement saying >>>>>> "PostgreSQL minor versions released!", including a mention of a >>>>>> "security issue"; >>>>>> unfortunately it's not obvious that this is for the prior 9.2.3 >>>>>> release >>>>>> and as >>>>>> the announcement of the upcoming security release >>>>>> ( http://www.postgresql.org/about/news/1454/ ) does not mention the >>>>>> new release number, methinks there is plenty of room for confusion :( >>>>>> >>>>>> It might be an idea to update the "splash box" with details of the >>>>>> upcoming >>>>>> release. >>>>> >>>>> >>>>> >>>>> I agree updating the "spash box" would make sense. >>>>> >>>> >>>> Or perhaps include a date on said splashes, so we know when to panic :-) >>> >>> >>> I've added the date to the splash. You can cease panicing now :-) >>> >> >> ...wipes forehead... >> > > Nice - but at the risk of seeming ungrateful, it would be good to know what > timezone said date referred to...in case people were waiting on an important > announcement or something... :-) I'm guessing somewhere around the start of the business day US time on their east coast? Which means a late night for those of us on the early side of the International Date Line (I'm in Japan). I'll want to at least find out what the nature of the problem is before deciding whether I need to burn some late-nite oil... Regards Ian Barwick