Re: Security lessons from liblzma

On 3/30/24 19:54, Joe Conway wrote:
>> On 2024-03-30 16:50:26 -0400, Robert Haas wrote:
>>> or what Tom does when he builds the release tarballs.
> 
> Tom follows this, at least last time I checked:
> 
> https://wiki.postgresql.org/wiki/Release_process

Reading through that, I wonder if this part is true anymore:

   In principle this could be done anywhere, but again there's a concern
   about reproducibility, since the results may vary depending on
   installed bison, flex, docbook, etc versions. Current practice is to
   always do this as pgsql on borka.postgresql.org, so it can only be
   done by people who have a login there. In detail:

Maybe if we split out the docs from the release tarball, we could also 
add the script (mk-release) to our git repo?

Some other aspects of that wiki page look out of date too. Perhaps it 
needs an overall update? Maybe Tom and/or Magnus could weigh in here.

-- 
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com