LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Multipath TCP: an overview

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

A serious PostgreSQL security fix

A serious PostgreSQL security fix

Posted Apr 4, 2013 20:32 UTC (Thu) by geofft (subscriber, #59789)
In reply to: A serious PostgreSQL security fix by FranTaylor
Parent article: A serious PostgreSQL security fix

Sorry, I don't read that as a pot shot -- it's just a clarification on standard expectations for the severity of a security flaw. Otherwise the complaint would be "PRETTY CLASSY, not owning up to a design flaw in Postgres."

(Log in to post comments)

A serious PostgreSQL security fix

Posted Apr 4, 2013 22:41 UTC (Thu) by price (subscriber, #59790) [Link]

The "good general rule" comment is the clarification you describe.

Saying other unnamed database systems are worse -- in that they may have more of exactly the kind of flaw the PostgreSQL developers had here -- is unhelpful and makes them sound childish and defensive. Red Hat doesn't warn about Windows security in an RHSA.

A serious PostgreSQL security fix

Posted Apr 5, 2013 8:18 UTC (Fri) by mbanck (subscriber, #9035) [Link]

That comment was taken from the FAQ corresponding to the security alert, not the alert itself.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds