Thread: Splitting security into current/archive

Splitting security into current/archive

From: Josh Berkus

WWW,

Attached is a patch which splits the security.html page into two pages:
security.html, which contains information about vulnerabilities in
supported versions, and security_archive.html, which contains
information about vulnerabilities which appear only in unsupported versions.

If the patch doesn't suit you, can you view this on github:
https://github.com/jberkus/pgweb/tree/split_security

--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com

Re: Splitting security into current/archive

From: Josh Berkus

On 05/13/2015 06:33 PM, Josh Berkus wrote:
> WWW,
> 
> Attached is a patch which splits the security.html page into two pages:
> security.html, which contains information about vulnerabilities in
> supported versions, and security_archive.html, which contains
> information about vulnerabilities which appear only in unsupported versions.
> 
> If the patch doesn't suit you, can you view this on github:
> https://github.com/jberkus/pgweb/tree/split_security

Accept/reject/modify?  Anyone?


-- 
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com



Re: Splitting security into current/archive

From: Stefan Kaltenbrunner

On 05/15/2015 06:53 PM, Josh Berkus wrote:
> On 05/13/2015 06:33 PM, Josh Berkus wrote:
>> WWW,
>>
>> Attached is a patch which splits the security.html page into two pages:
>> security.html, which contains information about vulnerabilities in
>> supported versions, and security_archive.html, which contains
>> information about vulnerabilities which appear only in unsupported versions.
>>
>> If the patch doesn't suit you, can you view this on github:
>> https://github.com/jberkus/pgweb/tree/split_security
> 
> Accept/reject/modify?  Anyone?

I was not aware we had a 24h SLA or such on reacting to patches yet -
somebody should have told me :)

Anyway I have now pushed this one with one though I took the liberty to
add the "may" to "Users still running on unsupported PostgreSQL versions
are strongly urged to upgrade as soon as possible, as those versions may
contain unpatched security vulnerabilities."

I found the old wording too hard because I don't think it is a given that
just because a version is unsupported it will automatically have
security vulnerabilities.


Stefan



Re: Splitting security into current/archive

From: Alvaro Herrera

Josh Berkus wrote:
> On 05/13/2015 06:33 PM, Josh Berkus wrote:
> > WWW,
> > 
> > Attached is a patch which splits the security.html page into two pages:
> > security.html, which contains information about vulnerabilities in
> > supported versions, and security_archive.html, which contains
> > information about vulnerabilities which appear only in unsupported versions.
> > 
> > If the patch doesn't suit you, can you view this on github:
> > https://github.com/jberkus/pgweb/tree/split_security
> 
> Accept/reject/modify?  Anyone?

Without looking at the actual patch, your description of it does make
sense.

To me, it looks like this info should be in the web database and those
pages should be generated, not static.  That way, there's no flurry of
commits when we desupport major versions.

-- 
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services



Re: Splitting security into current/archive

From: Josh Berkus

On 05/15/2015 10:38 AM, Alvaro Herrera wrote:
> To me, it looks like this info should be in the web database and those
> pages should be generated, not static.  That way, there's no flurry of
> commits when we desupport major versions.

yes, but that's a much harder patch.

-- 
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com



Re: Splitting security into current/archive

From: Alvaro Herrera

Josh Berkus wrote:
> On 05/15/2015 10:38 AM, Alvaro Herrera wrote:
> > To me, it looks like this info should be in the web database and those
> > pages should be generated, not static.  That way, there's no flurry of
> > commits when we desupport major versions.
> 
> yes, but that's a much harder patch.

I know ;-)

-- 
Álvaro Herrera                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services