Re: Purge obsolete security updates?
| От | Robert Haas |
|---|---|
| Тема | Re: Purge obsolete security updates? |
| Дата | |
| Msg-id | AANLkTin3XFNf3WuuMJMtdnrR+4YJxf2BE7SqV-cattzs@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Purge obsolete security updates? (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-www |
On Mon, Jan 31, 2011 at 7:08 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Josh Berkus <josh@agliodbs.com> writes: >> ... currently has security patch information going back to 2004. I'd >> like to cut everything which only applies through version 8.0 as >> obsolete. This would mean cutting all notices starting with >> CVE-2006-0678. > >> Further, I'd like to make a general policy that we cut security >> information from this page a year after the last referenced version goes >> EOL (e.g. we'd delete CVE-2006-5542 this November). > > -1 on both. The fact that we're not releasing new updates for old > versions is miles away from suppressing information about them. > Furthermore, having those notices up there might help to spur people to > update off those versions, which is what we really want. If we remove > all the old notices it is likely to leave the impression "hey, 7.4 is > much more bug-free than the newer versions, so I should stay on it". This was actually my first reaction, too. But I got shouted down the last time I argued for keeping something around for longer, so I softened it before sending. I don't really see the benefit of removing information from this page. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
В списке pgsql-www по дате отправления: