location of md5 files ...

From Josh Berkus
Subject location of md5 files ...
Date
Msg-id 4B2690A6.6060908@postgresql.org
Responses Re: location of md5 files ...  (Dave Page <dpage@pgadmin.org>)
Re: location of md5 files ...  (Magnus Hagander <magnus@hagander.net>)
List pgsql-www
WWW team,

Does Otto have a point?

--Josh

-------- Original Message --------
Subject: RE: PostgreSQL 2009-12-14 Security Update
Date: Mon, 14 Dec 2009 12:13:55 -0800
From: Otto Hirr <otto.hirr@olabinc.com>
Reply-To: <otto.hirr@olabinc.com>
To: 'Josh Berkus' <josh@postgresql.org>

Josh,

Something I've thought about for a long time....

Why does one have to go to a "mirror" to get an md5 checksum file?
From a "security" perspective, these checksums should simply be
listed on the "main" / "authoritative" website, and maybe also
available for download from a mirror.

What is to say that a "bad" mirror changes both the file and
the md5 file.... then you have badness... that cannot be easily
discovered.

Regards,

..Otto



> -----Original Message-----
> From: pgsql-announce-owner@postgresql.org
> [mailto:pgsql-announce-owner@postgresql.org]On Behalf Of Josh Berkus
> Sent: Monday, December 14, 2009 8:27 AM
> To: pgsql-announce@postgresql.org
> Subject: PostgreSQL 2009-12-14 Security Update
> 
> 
> The PostgreSQL Project today released minor versions updating all active
> branches of the PostgreSQL object-relational database system, including
> versions 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, and 7.4.27. This release
> fixes one moderate-risk and one low-risk security issue: an SSL
> authentication issue, and a privilege escalation issue with expression
> indexes.  All PostgreSQL database administrators are urged to update
> your version of PostgreSQL at the earliest opportunity.
> 
> There are also 48 other bug fixes in this release, many of which apply
> only to version 8.4, and a few of which are specifically for Windows.
> While these are generally fixes for minor issues, among the changes are:
> 
> * Prevent hash index corruption
> * Update time zone data for 9 regions
> * Fix permissions-related startup issue on Windows
> * Prevent server restart if a VACUUM FULL is killed
> * Correct cache initialization startup bug
> 
> See the release notes for a full list of changes with details.
> 
> As with other minor releases, users are not required to dump and reload
> their database in order to apply this update release; you may simply
> shut down PostgreSQL and update its binaries.  However, users who have
> hash indexes will want to run REINDEX after updating in order to repair
> any existing index damage.  Users skipping more than one update may need
> to check the release notes for extra, post-update steps.
> 
> * Release Notes:
>   http://www.postgresql.org/docs/current/static/release.html
> * Installation Packages: http://www.postgresql.org/download/
> * Source Code: http://www.postgresql.org/ftp/source/
> * Details of Security Issues: http://www.postgresql.org/support/security

The PostgreSQL Global Development Group will stop releasing updates for
PostgreSQL versions 7.4 and 8.0 after July of 2010.  We urge users of
those versions to start planning to upgrade now.

---------------------------(end of broadcast)---------------------------
-To unsubscribe from this list, send an email to:
              pgsql-announce-unsubscribe@postgresql.org
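
The scenario Otto describes, as an added example that is not part of the original thread: a mirror that changes both the file and its md5 file passes a check against the mirror's own checksum, and is caught only when the digest comes from the authoritative site. The file name, byte strings and function names are constructed for illustration.

```python
import hashlib
import hmac

NAME = "release.tar.gz"  # constructed file name, not a real PostgreSQL artifact


def digest_hex(data: bytes, algorithm: str = "md5") -> str:
    """Hex digest of the downloaded bytes (md5, as in the thread)."""
    return hashlib.new(algorithm, data).hexdigest()


def parse_checksum_file(text: str) -> dict:
    """Parse md5sum-style lines of the form '<hex digest>  <filename>'."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        entries[name.strip().lstrip("*")] = digest.lower()
    return entries


def verify(data: bytes, name: str, checksum_text: str) -> bool:
    """True only if the checksum file lists `name` with a matching digest."""
    expected = parse_checksum_file(checksum_text).get(name)
    if expected is None:
        return False  # a missing entry is a failure, not a pass
    return hmac.compare_digest(digest_hex(data), expected)


def checksum_line(data: bytes, name: str) -> str:
    return f"{digest_hex(data)}  {name}\n"


# Constructed sample data standing in for the real downloads.
GENUINE = b"constructed bytes standing in for the genuine tarball"
TAMPERED = GENUINE + b" plus a change made on the mirror"
AUTHORITATIVE_SUMS = checksum_line(GENUINE, NAME)  # published on the main site
GOOD_MIRROR = {"file": GENUINE, "sums": checksum_line(GENUINE, NAME)}
BAD_MIRROR = {"file": TAMPERED, "sums": checksum_line(TAMPERED, NAME)}


def check_download(mirror: dict, trusted_sums: str) -> dict:
    """Compare what the mirror's own md5 file says with the trusted copy."""
    return {
        "mirror_checksum_ok": verify(mirror["file"], NAME, mirror["sums"]),
        "authoritative_checksum_ok": verify(mirror["file"], NAME, trusted_sums),
    }
```
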



