On Thu, Aug 16, 2018 at 09:25:36AM -0700, Andres Freund wrote:
> On 2018-08-16 16:32:00 +0100, Justin Clift wrote:
> > On 2018-08-16 16:25, Andres Freund wrote:
> > > FWIW, I find this pretty damning given that there's been a new security
> > > release for a week: You've added no notes about it to the bigsql
> > > download page. Pinged nobody to get the download links temporarily
> > > adorned with a warning on the pg site. And then there's the issue that
> > > the dates beside the releases on the download page are referencing the
> > > date of the newest set of minor releases, but aren't actually new.
> > >
> > > This is ridiculously intransparent.
> >
> > Is it fairly simple for us to just comment out/remove the links for now?
> >
> > We don't want to be pointing people to software with known security issues.
> >
> > We can put the links back in when the updated downloads are in place. :)
>
> Probably don't want to remove them entirely, it might prevent people
> from upgrading from an even older release with more serious issues. But
> a red warning seems appropriate.

Agreed. We need to do something _now_, and the fact that we are having
to discover this instead of OpenSCG telling us is a good reason to
suspect the use of this download site in the future.

Looking at their website now, does it show they now have the proper
binaries?

https://www.openscg.com/bigsql/postgresql/installers/

PostgreSQL 10.5 - Stable (09-Aug-18)
postgresql-10.5-win64.exe
postgresql-10.5-osx64.dmg

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +