Discussion:
Postgres upgrade, security release, where?
(too old to reply)
Bruce Momjian
2013-04-02 00:27:06 UTC
Permalink
So It was announced that there would be a security patch for all versions
released on the 4th. I see it's been announced/released on the website, but the
versions available show Feb dates.
Should the source be current? Or does it take a while for source and other to
be made available?
Figured if the site says released, it should be available.
Thanks
Tory
postgresql-9.2.3.tar.bz2 2013-02-07 15.6
postgresql-9.2.3.tar.bz2 10:25:10 MB
postgresql-9.2.3.tar.bz2.md5 2013-02-07 59
postgresql-9.2.3.tar.bz2.md5 10:25:10 bytes
postgresql-9.2.3.tar.gz postgresql-9.2.3.tar.gz 2013-02-07 20.5
10:25:12 MB
postgresql-9.2.3.tar.gz.md5 2013-02-07 58
postgresql-9.2.3.tar.gz.md5 10:25:13 bytes
Due to the security nature of the release, the source and binaries will
only be publicly available on April 4 --- there are no pre-release
versions available.
--
Bruce Momjian <***@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ It's impossible for everything to be true. +
--
Sent via pgsql-performance mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-performance
Ian Lawrence Barwick
2013-04-02 00:40:07 UTC
Permalink
Post by Bruce Momjian
So It was announced that there would be a security patch for all versions
released on the 4th. I see it's been announced/released on the website, but the
versions available show Feb dates.
Should the source be current? Or does it take a while for source and other to
be made available?
Figured if the site says released, it should be available.
Thanks
Tory
postgresql-9.2.3.tar.bz2 2013-02-07 15.6
postgresql-9.2.3.tar.bz2 10:25:10 MB
postgresql-9.2.3.tar.bz2.md5 2013-02-07 59
postgresql-9.2.3.tar.bz2.md5 10:25:10 bytes
postgresql-9.2.3.tar.gz postgresql-9.2.3.tar.gz 2013-02-07 20.5
10:25:12 MB
postgresql-9.2.3.tar.gz.md5 2013-02-07 58
postgresql-9.2.3.tar.gz.md5 10:25:13 bytes
Due to the security nature of the release, the source and binaries will
only be publicly available on April 4 --- there are no pre-release
versions available.
The PostgreSQL homepage has a big announcement saying
"PostgreSQL minor versions released!", including a mention of a
"security issue";
unfortunately it's not obvious that this is for the prior 9.2.3 release and as
the announcement of the upcoming security release
( http://www.postgresql.org/about/news/1454/ ) does not mention the
new release number, methinks there is plenty of room for confusion :(

It might be an idea to update the "splash box" with details of the upcoming
release.

Regards


Ian Barwick
--
Sent via pgsql-performance mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-performance
Bruce Momjian
2013-04-02 00:55:26 UTC
Permalink
Post by Ian Lawrence Barwick
Post by Bruce Momjian
Due to the security nature of the release, the source and binaries will
only be publicly available on April 4 --- there are no pre-release
versions available.
The PostgreSQL homepage has a big announcement saying
"PostgreSQL minor versions released!", including a mention of a
"security issue";
unfortunately it's not obvious that this is for the prior 9.2.3 release and as
the announcement of the upcoming security release
( http://www.postgresql.org/about/news/1454/ ) does not mention the
new release number, methinks there is plenty of room for confusion :(
It might be an idea to update the "splash box" with details of the upcoming
release.
I agree updating the "spash box" would make sense.
--
Bruce Momjian <***@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ It's impossible for everything to be true. +
--
Sent via pgsql-performance mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-performance
Tory M Blue
2013-04-02 03:35:54 UTC
Permalink
Post by Ian Lawrence Barwick
Post by Ian Lawrence Barwick
Post by Bruce Momjian
Due to the security nature of the release, the source and binaries will
only be publicly available on April 4 --- there are no pre-release
versions available.
The PostgreSQL homepage has a big announcement saying
"PostgreSQL minor versions released!", including a mention of a
"security issue";
unfortunately it's not obvious that this is for the prior 9.2.3 release
and as
Post by Ian Lawrence Barwick
the announcement of the upcoming security release
( http://www.postgresql.org/about/news/1454/ ) does not mention the
new release number, methinks there is plenty of room for confusion :(
It might be an idea to update the "splash box" with details of the
upcoming
Post by Ian Lawrence Barwick
release.
I agree updating the "spash box" would make sense.
Thanks all

My confusion was due to the fact that the other day there was a splash box
or other indication regarding the security fix release of April 4th and
when I went back today (just because), the message had changed citing there
was a security fix etc and no mention of a major fix coming in a few days.

My apologies for the confusion

Tory
Mark Kirkwood
2013-04-02 03:43:48 UTC
Permalink
Post by Bruce Momjian
Post by Ian Lawrence Barwick
Post by Bruce Momjian
Due to the security nature of the release, the source and binaries will
only be publicly available on April 4 --- there are no pre-release
versions available.
The PostgreSQL homepage has a big announcement saying
"PostgreSQL minor versions released!", including a mention of a
"security issue";
unfortunately it's not obvious that this is for the prior 9.2.3 release and as
the announcement of the upcoming security release
( http://www.postgresql.org/about/news/1454/ ) does not mention the
new release number, methinks there is plenty of room for confusion :(
It might be an idea to update the "splash box" with details of the upcoming
release.
I agree updating the "spash box" would make sense.
Or perhaps include a date on said splashes, so we know when to panic :-)
--
Sent via pgsql-performance mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-performance
Dave Page
2013-04-02 08:34:39 UTC
Permalink
On Mon, Apr 1, 2013 at 11:43 PM, Mark Kirkwood
Post by Mark Kirkwood
Post by Bruce Momjian
Post by Ian Lawrence Barwick
Post by Bruce Momjian
Due to the security nature of the release, the source and binaries will
only be publicly available on April 4 --- there are no pre-release
versions available.
The PostgreSQL homepage has a big announcement saying
"PostgreSQL minor versions released!", including a mention of a
"security issue";
unfortunately it's not obvious that this is for the prior 9.2.3 release and as
the announcement of the upcoming security release
( http://www.postgresql.org/about/news/1454/ ) does not mention the
new release number, methinks there is plenty of room for confusion :(
It might be an idea to update the "splash box" with details of the upcoming
release.
I agree updating the "spash box" would make sense.
Or perhaps include a date on said splashes, so we know when to panic :-)
I've added the date to the splash. You can cease panicing now :-)

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
--
Sent via pgsql-performance mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-performance
Mark Kirkwood
2013-04-02 08:47:21 UTC
Permalink
Post by Dave Page
On Mon, Apr 1, 2013 at 11:43 PM, Mark Kirkwood
Post by Mark Kirkwood
Post by Bruce Momjian
Post by Ian Lawrence Barwick
Post by Bruce Momjian
Due to the security nature of the release, the source and binaries will
only be publicly available on April 4 --- there are no pre-release
versions available.
The PostgreSQL homepage has a big announcement saying
"PostgreSQL minor versions released!", including a mention of a
"security issue";
unfortunately it's not obvious that this is for the prior 9.2.3 release and as
the announcement of the upcoming security release
( http://www.postgresql.org/about/news/1454/ ) does not mention the
new release number, methinks there is plenty of room for confusion :(
It might be an idea to update the "splash box" with details of the upcoming
release.
I agree updating the "spash box" would make sense.
Or perhaps include a date on said splashes, so we know when to panic :-)
I've added the date to the splash. You can cease panicing now :-)
...wipes forehead...
--
Sent via pgsql-performance mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-performance
Mark Kirkwood
2013-04-04 08:52:04 UTC
Permalink
Post by Mark Kirkwood
Post by Dave Page
On Mon, Apr 1, 2013 at 11:43 PM, Mark Kirkwood
Post by Mark Kirkwood
Post by Bruce Momjian
Post by Ian Lawrence Barwick
Post by Bruce Momjian
Due to the security nature of the release, the source and binaries will
only be publicly available on April 4 --- there are no pre-release
versions available.
The PostgreSQL homepage has a big announcement saying
"PostgreSQL minor versions released!", including a mention of a
"security issue";
unfortunately it's not obvious that this is for the prior 9.2.3
release
and as
the announcement of the upcoming security release
( http://www.postgresql.org/about/news/1454/ ) does not mention the
new release number, methinks there is plenty of room for confusion :(
It might be an idea to update the "splash box" with details of the upcoming
release.
I agree updating the "spash box" would make sense.
Or perhaps include a date on said splashes, so we know when to panic :-)
I've added the date to the splash. You can cease panicing now :-)
...wipes forehead...
Nice - but at the risk of seeming ungrateful, it would be good to know
what timezone said date referred to...in case people were waiting on an
important announcement or something... :-)
--
Sent via pgsql-performance mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-performance
Ian Lawrence Barwick
2013-04-04 09:11:34 UTC
Permalink
Post by Mark Kirkwood
Post by Dave Page
On Mon, Apr 1, 2013 at 11:43 PM, Mark Kirkwood
Post by Mark Kirkwood
Post by Bruce Momjian
Post by Ian Lawrence Barwick
Post by Bruce Momjian
Due to the security nature of the release, the source and binaries will
only be publicly available on April 4 --- there are no pre-release
versions available.
The PostgreSQL homepage has a big announcement saying
"PostgreSQL minor versions released!", including a mention of a
"security issue";
unfortunately it's not obvious that this is for the prior 9.2.3
release
and as
the announcement of the upcoming security release
( http://www.postgresql.org/about/news/1454/ ) does not mention the
new release number, methinks there is plenty of room for confusion :(
It might be an idea to update the "splash box" with details of the upcoming
release.
I agree updating the "spash box" would make sense.
Or perhaps include a date on said splashes, so we know when to panic :-)
I've added the date to the splash. You can cease panicing now :-)
...wipes forehead...
Nice - but at the risk of seeming ungrateful, it would be good to know what
timezone said date referred to...in case people were waiting on an important
announcement or something... :-)
I'm guessing somewhere around the start of the business day US time on their
east coast? Which means a late night for those of us on the early side of
the International Date Line (I'm in Japan). I'll want to at least find out what
the nature of the problem is before deciding whether I need to burn some
late-nite oil...

Regards

Ian Barwick
--
Sent via pgsql-performance mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-performance
Loading...