Re: Purge obsolete security updates?

On Mon, Jan 31, 2011 at 03:52:03PM -0800, Josh Berkus wrote:
> 
> >> ... currently has security patch information going back to 2004.
> >> I'd like to cut everything which only applies through version 8.0
> >> as obsolete.  This would mean cutting all notices starting with
> >> CVE-2006-0678.
> > 
> > Well there are two notices prior to that that apply to 8.1.
> 
> Oh, yeah, well spotted.  Those two would be untouched.
> 
> > Will the information still be archived someplace if someone needs
> > it?
> 
> The release notes will still be available.
> 
> > I might be more inclined to move it to a separate page than to
> > nuke it completely.
> 
> Why?  What's the point in keeping it around?

The *act* of removing it is the one we want to avoid even the
appearance of doing.  It's an affirmative act, and one that could make
us look very bad.

Cheers,
David.
-- 
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david.fetter@gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate