Re: [ANNOUNCE] IMPORTANT: two new PostgreSQL security problems found
| От | Greg Sabino Mullane |
|---|---|
| Тема | Re: [ANNOUNCE] IMPORTANT: two new PostgreSQL security problems found |
| Дата | |
| Msg-id | 18991d8228b39e43384ac760ebf5b84d@biglumber.com обсуждение исходный текст |
| Ответ на | Re: [ANNOUNCE] IMPORTANT: two new PostgreSQL security problems found (Thomas F.O'Connell <tfo@sitening.com>) |
| Список | pgsql-admin |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Considering that this is a security-related system catalog update, is > there any way of providing some sort of signature for a message like > this such that the community can feel that issuing some arcane commands > as a superuser won't open a hole rather than close one? An excellent point. Ideally someone (Tom) would be using GnuPG to sign important messages like this with a digital signature. However, there are a few checks one could do until that happens. One, compare his headers with previous ones. Second, check the page at www.postgresql.org for a matching announcement. Third, wait five minutes for the real Tom Lane to denounce any fake email sent in his name. :) If it makes you feel better, I'm 100% sure that was a legitimate email, and I am going to sign this. :) - -- Greg Sabino Mullane greg@turnstep.com PGP Key: 0x14964AC8 200505040739 http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8 -----BEGIN PGP SIGNATURE----- iD8DBQFCeLTwvJuQZxSWSsgRAtACAKDvyylXy1MliqSs8Jsoz7XicXmBagCgoprg qKPTIVv55E3ne19OGvtOTHM= =IFvp -----END PGP SIGNATURE-----
В списке pgsql-admin по дате отправления: