info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Re: Postgres upgrade, security release, where?
5 views
Skip to first unread message
Bruce Momjian
Apr 1, 2013, 8:27:06 PM4/1/13
to
On Mon, Apr 1, 2013 at 05:10:22PM -0700, Tory M Blue wrote:
> So It was announced that there would be a security patch for all versions
> released on the 4th. I see it's been announced/released on the website, but the
> versions available show Feb dates.
>
> Should the source be current? Or does it take a while for source and other to
> be made available?
>
> Figured if the site says released, it should be available.
>
> Thanks
> Tory
>
> postgresql-9.2.3.tar.bz2 2013-02-07 15.6
> postgresql-9.2.3.tar.bz2 10:25:10 MB
> postgresql-9.2.3.tar.bz2.md5 2013-02-07 59
> postgresql-9.2.3.tar.bz2.md5 10:25:10 bytes
> postgresql-9.2.3.tar.gz postgresql-9.2.3.tar.gz 2013-02-07 20.5
> 10:25:12 MB
> postgresql-9.2.3.tar.gz.md5 2013-02-07 58
> postgresql-9.2.3.tar.gz.md5 10:25:13 bytes
Due to the security nature of the release, the source and binaries will
only be publicly available on April 4 --- there are no pre-release
versions available.
--
Bruce Momjian <br...@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
--
Sent via pgsql-performance mailing list (pgsql-pe...@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-performance
> So It was announced that there would be a security patch for all versions
> released on the 4th. I see it's been announced/released on the website, but the
> versions available show Feb dates.
>
> Should the source be current? Or does it take a while for source and other to
> be made available?
>
> Figured if the site says released, it should be available.
>
> Thanks
> Tory
>
> postgresql-9.2.3.tar.bz2 2013-02-07 15.6
> postgresql-9.2.3.tar.bz2 10:25:10 MB
> postgresql-9.2.3.tar.bz2.md5 2013-02-07 59
> postgresql-9.2.3.tar.bz2.md5 10:25:10 bytes
> postgresql-9.2.3.tar.gz postgresql-9.2.3.tar.gz 2013-02-07 20.5
> 10:25:12 MB
> postgresql-9.2.3.tar.gz.md5 2013-02-07 58
> postgresql-9.2.3.tar.gz.md5 10:25:13 bytes
Due to the security nature of the release, the source and binaries will
only be publicly available on April 4 --- there are no pre-release
versions available.
--
Bruce Momjian <br...@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
--
Sent via pgsql-performance mailing list (pgsql-pe...@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-performance
Ian Lawrence Barwick
Apr 1, 2013, 8:40:07 PM4/1/13
to
2013/4/2 Bruce Momjian <br...@momjian.us>:
"PostgreSQL minor versions released!", including a mention of a
"security issue";
unfortunately it's not obvious that this is for the prior 9.2.3 release and as
the announcement of the upcoming security release
( http://www.postgresql.org/about/news/1454/ ) does not mention the
new release number, methinks there is plenty of room for confusion :(
It might be an idea to update the "splash box" with details of the upcoming
release.
Regards
Ian Barwick
> On Mon, Apr 1, 2013 at 05:10:22PM -0700, Tory M Blue wrote:
>> So It was announced that there would be a security patch for all versions
>> released on the 4th. I see it's been announced/released on the website, but the
>> versions available show Feb dates.
>>
>> Should the source be current? Or does it take a while for source and other to
>> be made available?
>>
>> Figured if the site says released, it should be available.
>>
>> Thanks
>> Tory
>>
>> postgresql-9.2.3.tar.bz2 2013-02-07 15.6
>> postgresql-9.2.3.tar.bz2 10:25:10 MB
>> postgresql-9.2.3.tar.bz2.md5 2013-02-07 59
>> postgresql-9.2.3.tar.bz2.md5 10:25:10 bytes
>> postgresql-9.2.3.tar.gz postgresql-9.2.3.tar.gz 2013-02-07 20.5
>> 10:25:12 MB
>> postgresql-9.2.3.tar.gz.md5 2013-02-07 58
>> postgresql-9.2.3.tar.gz.md5 10:25:13 bytes
>
> Due to the security nature of the release, the source and binaries will
> only be publicly available on April 4 --- there are no pre-release
> versions available.
The PostgreSQL homepage has a big announcement saying
>> So It was announced that there would be a security patch for all versions
>> released on the 4th. I see it's been announced/released on the website, but the
>> versions available show Feb dates.
>>
>> Should the source be current? Or does it take a while for source and other to
>> be made available?
>>
>> Figured if the site says released, it should be available.
>>
>> Thanks
>> Tory
>>
>> postgresql-9.2.3.tar.bz2 2013-02-07 15.6
>> postgresql-9.2.3.tar.bz2 10:25:10 MB
>> postgresql-9.2.3.tar.bz2.md5 2013-02-07 59
>> postgresql-9.2.3.tar.bz2.md5 10:25:10 bytes
>> postgresql-9.2.3.tar.gz postgresql-9.2.3.tar.gz 2013-02-07 20.5
>> 10:25:12 MB
>> postgresql-9.2.3.tar.gz.md5 2013-02-07 58
>> postgresql-9.2.3.tar.gz.md5 10:25:13 bytes
>
> Due to the security nature of the release, the source and binaries will
> only be publicly available on April 4 --- there are no pre-release
> versions available.
"PostgreSQL minor versions released!", including a mention of a
"security issue";
unfortunately it's not obvious that this is for the prior 9.2.3 release and as
the announcement of the upcoming security release
( http://www.postgresql.org/about/news/1454/ ) does not mention the
new release number, methinks there is plenty of room for confusion :(
It might be an idea to update the "splash box" with details of the upcoming
release.
Regards
Ian Barwick
Bruce Momjian
Apr 1, 2013, 8:55:26 PM4/1/13
to
On Tue, Apr 2, 2013 at 09:40:07AM +0900, Ian Lawrence Barwick wrote:
> > Due to the security nature of the release, the source and binaries will
> > only be publicly available on April 4 --- there are no pre-release
> > versions available.
>
> The PostgreSQL homepage has a big announcement saying
> "PostgreSQL minor versions released!", including a mention of a
> "security issue";
> unfortunately it's not obvious that this is for the prior 9.2.3 release and as
> the announcement of the upcoming security release
> ( http://www.postgresql.org/about/news/1454/ ) does not mention the
> new release number, methinks there is plenty of room for confusion :(
>
> It might be an idea to update the "splash box" with details of the upcoming
> release.
I agree updating the "spash box" would make sense.
> > Due to the security nature of the release, the source and binaries will
> > only be publicly available on April 4 --- there are no pre-release
> > versions available.
>
> The PostgreSQL homepage has a big announcement saying
> "PostgreSQL minor versions released!", including a mention of a
> "security issue";
> unfortunately it's not obvious that this is for the prior 9.2.3 release and as
> the announcement of the upcoming security release
> ( http://www.postgresql.org/about/news/1454/ ) does not mention the
> new release number, methinks there is plenty of room for confusion :(
>
> It might be an idea to update the "splash box" with details of the upcoming
> release.
--
Bruce Momjian <br...@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
Tory M Blue
Apr 1, 2013, 11:35:54 PM4/1/13
to
On Mon, Apr 1, 2013 at 5:55 PM, Bruce Momjian <br...@momjian.us> wrote:
On Tue, Apr 2, 2013 at 09:40:07AM +0900, Ian Lawrence Barwick wrote:
> > Due to the security nature of the release, the source and binaries will
> > only be publicly available on April 4 --- there are no pre-release
> > versions available.
>
> The PostgreSQL homepage has a big announcement saying
> "PostgreSQL minor versions released!", including a mention of a
> "security issue";
> unfortunately it's not obvious that this is for the prior 9.2.3 release and as
> the announcement of the upcoming security release
> ( http://www.postgresql.org/about/news/1454/ ) does not mention the
> new release number, methinks there is plenty of room for confusion :(
>
> It might be an idea to update the "splash box" with details of the upcoming
> release.
>I agree updating the "spash box" would make sense.
Thanks all
My confusion was due to the fact that the other day there was a splash box or other indication regarding the security fix release of April 4th and when I went back today (just because), the message had changed citing there was a security fix etc and no mention of a major fix coming in a few days.
My apologies for the confusion
Tory
My confusion was due to the fact that the other day there was a splash box or other indication regarding the security fix release of April 4th and when I went back today (just because), the message had changed citing there was a security fix etc and no mention of a major fix coming in a few days.
My apologies for the confusion
Tory
Mark Kirkwood
Apr 1, 2013, 11:43:48 PM4/1/13
to
On 02/04/13 13:55, Bruce Momjian wrote:
> On Tue, Apr 2, 2013 at 09:40:07AM +0900, Ian Lawrence Barwick wrote:
>>> Due to the security nature of the release, the source and binaries will
>>> only be publicly available on April 4 --- there are no pre-release
>>> versions available.
>>
>> The PostgreSQL homepage has a big announcement saying
>> "PostgreSQL minor versions released!", including a mention of a
>> "security issue";
>> unfortunately it's not obvious that this is for the prior 9.2.3 release and as
>> the announcement of the upcoming security release
>> ( http://www.postgresql.org/about/news/1454/ ) does not mention the
>> new release number, methinks there is plenty of room for confusion :(
>>
>> It might be an idea to update the "splash box" with details of the upcoming
>> release.
>
> I agree updating the "spash box" would make sense.
>
Or perhaps include a date on said splashes, so we know when to panic :-)
> On Tue, Apr 2, 2013 at 09:40:07AM +0900, Ian Lawrence Barwick wrote:
>>> Due to the security nature of the release, the source and binaries will
>>> only be publicly available on April 4 --- there are no pre-release
>>> versions available.
>>
>> The PostgreSQL homepage has a big announcement saying
>> "PostgreSQL minor versions released!", including a mention of a
>> "security issue";
>> unfortunately it's not obvious that this is for the prior 9.2.3 release and as
>> the announcement of the upcoming security release
>> ( http://www.postgresql.org/about/news/1454/ ) does not mention the
>> new release number, methinks there is plenty of room for confusion :(
>>
>> It might be an idea to update the "splash box" with details of the upcoming
>> release.
>
> I agree updating the "spash box" would make sense.
>
Dave Page
Apr 2, 2013, 4:34:39 AM4/2/13
to
On Mon, Apr 1, 2013 at 11:43 PM, Mark Kirkwood
<mark.k...@catalyst.net.nz> wrote:
> On 02/04/13 13:55, Bruce Momjian wrote:
>>
>> On Tue, Apr 2, 2013 at 09:40:07AM +0900, Ian Lawrence Barwick wrote:
>>>>
>>>> Due to the security nature of the release, the source and binaries will
>>>> only be publicly available on April 4 --- there are no pre-release
>>>> versions available.
>>>
>>>
>>> The PostgreSQL homepage has a big announcement saying
>>> "PostgreSQL minor versions released!", including a mention of a
>>> "security issue";
>>> unfortunately it's not obvious that this is for the prior 9.2.3 release
>>> and as
>>> the announcement of the upcoming security release
>>> ( http://www.postgresql.org/about/news/1454/ ) does not mention the
>>> new release number, methinks there is plenty of room for confusion :(
>>>
>>> It might be an idea to update the "splash box" with details of the
>>> upcoming
>>> release.
>>
>>
>> I agree updating the "spash box" would make sense.
>>
>
> Or perhaps include a date on said splashes, so we know when to panic :-)
I've added the date to the splash. You can cease panicing now :-)
<mark.k...@catalyst.net.nz> wrote:
> On 02/04/13 13:55, Bruce Momjian wrote:
>>
>> On Tue, Apr 2, 2013 at 09:40:07AM +0900, Ian Lawrence Barwick wrote:
>>>>
>>>> Due to the security nature of the release, the source and binaries will
>>>> only be publicly available on April 4 --- there are no pre-release
>>>> versions available.
>>>
>>>
>>> The PostgreSQL homepage has a big announcement saying
>>> "PostgreSQL minor versions released!", including a mention of a
>>> "security issue";
>>> unfortunately it's not obvious that this is for the prior 9.2.3 release
>>> and as
>>> the announcement of the upcoming security release
>>> ( http://www.postgresql.org/about/news/1454/ ) does not mention the
>>> new release number, methinks there is plenty of room for confusion :(
>>>
>>> It might be an idea to update the "splash box" with details of the
>>> upcoming
>>> release.
>>
>>
>> I agree updating the "spash box" would make sense.
>>
>
> Or perhaps include a date on said splashes, so we know when to panic :-)
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
Mark Kirkwood
Apr 2, 2013, 4:47:21 AM4/2/13
to
On 02/04/13 21:34, Dave Page wrote:
> On Mon, Apr 1, 2013 at 11:43 PM, Mark Kirkwood
> <mark.k...@catalyst.net.nz> wrote:
>> On 02/04/13 13:55, Bruce Momjian wrote:
>>>
>>> On Tue, Apr 2, 2013 at 09:40:07AM +0900, Ian Lawrence Barwick wrote:
>>>>>
>>>>> Due to the security nature of the release, the source and binaries will
>>>>> only be publicly available on April 4 --- there are no pre-release
>>>>> versions available.
>>>>
>>>>
>>>> The PostgreSQL homepage has a big announcement saying
>>>> "PostgreSQL minor versions released!", including a mention of a
>>>> "security issue";
>>>> unfortunately it's not obvious that this is for the prior 9.2.3 release
>>>> and as
>>>> the announcement of the upcoming security release
>>>> ( http://www.postgresql.org/about/news/1454/ ) does not mention the
>>>> new release number, methinks there is plenty of room for confusion :(
>>>>
>>>> It might be an idea to update the "splash box" with details of the
>>>> upcoming
>>>> release.
>>>
>>>
>>> I agree updating the "spash box" would make sense.
>>>
>>
>> Or perhaps include a date on said splashes, so we know when to panic :-)
>
> I've added the date to the splash. You can cease panicing now :-)
>
...wipes forehead...
> On Mon, Apr 1, 2013 at 11:43 PM, Mark Kirkwood
> <mark.k...@catalyst.net.nz> wrote:
>> On 02/04/13 13:55, Bruce Momjian wrote:
>>>
>>> On Tue, Apr 2, 2013 at 09:40:07AM +0900, Ian Lawrence Barwick wrote:
>>>>>
>>>>> Due to the security nature of the release, the source and binaries will
>>>>> only be publicly available on April 4 --- there are no pre-release
>>>>> versions available.
>>>>
>>>>
>>>> The PostgreSQL homepage has a big announcement saying
>>>> "PostgreSQL minor versions released!", including a mention of a
>>>> "security issue";
>>>> unfortunately it's not obvious that this is for the prior 9.2.3 release
>>>> and as
>>>> the announcement of the upcoming security release
>>>> ( http://www.postgresql.org/about/news/1454/ ) does not mention the
>>>> new release number, methinks there is plenty of room for confusion :(
>>>>
>>>> It might be an idea to update the "splash box" with details of the
>>>> upcoming
>>>> release.
>>>
>>>
>>> I agree updating the "spash box" would make sense.
>>>
>>
>> Or perhaps include a date on said splashes, so we know when to panic :-)
>
> I've added the date to the splash. You can cease panicing now :-)
>
Mark Kirkwood
Apr 4, 2013, 4:52:04 AM4/4/13
to
what timezone said date referred to...in case people were waiting on an
important announcement or something... :-)
Ian Lawrence Barwick
Apr 4, 2013, 5:11:34 AM4/4/13
to
2013/4/4 Mark Kirkwood <mark.k...@catalyst.net.nz>:
I'm guessing somewhere around the start of the business day US time on their
east coast? Which means a late night for those of us on the early side of
the International Date Line (I'm in Japan). I'll want to at least find out what
the nature of the problem is before deciding whether I need to burn some
late-nite oil...
Regards
Ian Barwick
east coast? Which means a late night for those of us on the early side of
the International Date Line (I'm in Japan). I'll want to at least find out what
the nature of the problem is before deciding whether I need to burn some
late-nite oil...
Regards
Ian Barwick
0 new messages