Re: CVE Links are broken on the PG 10.1 news page

Поиск
Список
Период
Сортировка
От Magnus Hagander
Тема Re: CVE Links are broken on the PG 10.1 news page
Дата
Msg-id CABUevEx-EWXCgOjjpz_JoO99PusQUYcgxxHKJGuYyCktiZ7_wg@mail.gmail.com
обсуждение исходный текст
Ответ на Re: CVE Links are broken on the PG 10.1 news page  ("Jonathan S. Katz" <jkatz@postgresql.org>)
Список pgsql-www
Дерево обсуждения
On Fri, Nov 10, 2017 at 5:55 PM, Jonathan S. Katz <jkatz@postgresql.org> wrote:

> On Nov 10, 2017, at 11:32 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> Magnus Hagander <magnus@hagander.net> writes:
>> On Fri, Nov 10, 2017 at 2:56 PM, Daniel Gustafsson <daniel@yesql.se> wrote:
>>> On 10 Nov 2017, at 12:14, Damien Clochard <damien@dalibo.info> wrote:
>>>> The 3 CVE links lead to a 404 page on RH website :
>>>> https://access.redhat.com/security/cve/CVE-2017-12172
>>>> https://access.redhat.com/security/cve/CVE-2017-15098
>>>> https://access.redhat.com/security/cve/CVE-2017-15099
>
>>> Even better would probably be to not make them actual links until the
>>> target URL exists.
>
>> We used to do it that way. Which then meant they usually didn't get updated
>> until the next round of releases, because it got forgotten :/
>
> FWIW, I see that -12172 just got de-embargoed.  Probably the other two
> will follow shortly.

Interestingly enough, when I checked post-release yesterday, they were available, so they must have been re-embargoed shortly thereafter.

I think the right thing to do here will materialize itself once I have finished off the branch which databaseifies the list. When we've reached that point we can have a cronjob that pings the redhat urls and turns it into a link only once they stop returning 404.

Until then I think we're best off just keeping it the way it is now. 


--

В списке pgsql-www по дате отправления:

Предыдущее
От: "Jonathan S. Katz"
Дата:
Сообщение: Re: CVE Links are broken on the PG 10.1 news page
Следующее
От: Vỹ Phan
Дата:
Сообщение: Wiki editor request