Обсуждение: Proposed changes to security.html
Folks, I'd like to make two changes to the security.html page: 1) change all references from "contrib modules" to "extensions". Put a note on the bottom of the page explaining that they are the same thing. 2) create a second page, security-old.html. This page would archive the references to security issues patched on versions no longer under support (i.e. 8.2 and earlier). -- Josh Berkus PostgreSQL Experts Inc. http://pgexperts.com
On Wed, Feb 6, 2013 at 8:01 PM, Josh Berkus <josh@agliodbs.com> wrote: > Folks, > > I'd like to make two changes to the security.html page: > > 1) change all references from "contrib modules" to "extensions". Put a > note on the bottom of the page explaining that they are the same thing. > > 2) create a second page, security-old.html. This page would archive the > references to security issues patched on versions no longer under > support (i.e. 8.2 and earlier). No objection here. -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company
Josh Berkus <josh@agliodbs.com> writes: > I'd like to make two changes to the security.html page: > 1) change all references from "contrib modules" to "extensions". Put a > note on the bottom of the page explaining that they are the same thing. > 2) create a second page, security-old.html. This page would archive the > references to security issues patched on versions no longer under > support (i.e. 8.2 and earlier). At this point, shouldn't 8.3 also go to the "old" page? regards, tom lane
> At this point, shouldn't 8.3 also go to the "old" page? *After* the next update release, yes. I was figuring I'd wait for a couple weeks after that, and then archive it. -- Josh Berkus PostgreSQL Experts Inc. http://pgexperts.com
On Thu, Feb 7, 2013 at 2:57 AM, Josh Berkus <josh@agliodbs.com> wrote: > >> At this point, shouldn't 8.3 also go to the "old" page? > > *After* the next update release, yes. I was figuring I'd wait for a > couple weeks after that, and then archive it. Yeah, seems reasonable to keep it around for a while. --Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/
On 02/06/2013 09:01 PM, Josh Berkus wrote: > Folks, > > I'd like to make two changes to the security.html page: > > 1) change all references from "contrib modules" to "extensions". Put a > note on the bottom of the page explaining that they are the same thing. > > 2) create a second page, security-old.html. This page would archive the > references to security issues patched on versions no longer under > support (i.e. 8.2 and earlier). +1 one on both - do you have a proposed wording or even better a patch for those changes? Stefan
On 02/14/2013 12:58 PM, Stefan Kaltenbrunner wrote: > On 02/06/2013 09:01 PM, Josh Berkus wrote: >> Folks, >> >> I'd like to make two changes to the security.html page: >> >> 1) change all references from "contrib modules" to "extensions". Put a >> note on the bottom of the page explaining that they are the same thing. >> >> 2) create a second page, security-old.html. This page would archive the >> references to security issues patched on versions no longer under >> support (i.e. 8.2 and earlier). > > +1 one on both - do you have a proposed wording or even better a patch > for those changes? I'll submit a patch. I've just been kind of busy. -- Josh Berkus PostgreSQL Experts Inc. http://pgexperts.com
On 2/6/13 3:01 PM, Josh Berkus wrote: > I'd like to make two changes to the security.html page: > > 1) change all references from "contrib modules" to "extensions". Put a > note on the bottom of the page explaining that they are the same thing. What would be the point of that, other than introducing the use of less accurate language?
> What would be the point of that, other than introducing the use of less > accurate language? Oh, right, we have some contrib modules which are not extensions. However, the term "contrib" is confusing and not very helpful. Maybe I should use the term "Additional Supplied Modules" (shorthand "modules"), which is what we use in the docs? -- Josh Berkus PostgreSQL Experts Inc. http://pgexperts.com
On Fri, 2013-03-01 at 16:22 -0800, Josh Berkus wrote: > > What would be the point of that, other than introducing the use of less > > accurate language? > > Oh, right, we have some contrib modules which are not extensions. > However, the term "contrib" is confusing and not very helpful. Maybe I > should use the term "Additional Supplied Modules" (shorthand "modules"), > which is what we use in the docs? That might be worthwhile consideration for introductory or marketing material, say, but for the purpose of tracking security issues, "contrib" is perfectly clear: If you are installing from source, it is code that lives under contrib/. If you are installing from binary, it is code that is in the postgresql-contrib package (usually). Calling it anything other than "contrib" cannot possibly make that more clear.
> That might be worthwhile consideration for introductory or marketing > material, say, but for the purpose of tracking security issues, > "contrib" is perfectly clear: If you are installing from source, it is > code that lives under contrib/. If you are installing from binary, it > is code that is in the postgresql-contrib package (usually). Calling it > anything other than "contrib" cannot possibly make that more clear. Yeah, I suppose the security page is not the place to address this. We have a larger project problem in using three different bits of terminology for mostly the same set of software. We can fix the security page once we fix the terminology in general. -- Josh Berkus PostgreSQL Experts Inc. http://pgexperts.com