Обсуждение: Problem with OpenSCG downloads
On Thu, Aug 16, 2018 at 06:00:30AM -0700, Andres Freund wrote: > Random observation: http://www.openscg.com/bigsql/postgresql/installers/ > seems to indicate that packages aren't updated anymore. While it says > "(09-Aug-18)" besides the major versions, it does not actually in fact > have the last set of minor releases. I suspect that's related to > openscg's acquisition by amazon? Either they need to catch up, or we > need to take down the page and probably alert people about that fact. Forwarding Andres's email above to www for research. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
On Thu, Aug 16, 2018 at 3:35 PM, Bruce Momjian <bruce@momjian.us> wrote:
-- On Thu, Aug 16, 2018 at 06:00:30AM -0700, Andres Freund wrote:
> Random observation: http://www.openscg.com/bigsql/postgresql/installers/
> seems to indicate that packages aren't updated anymore. While it says
> "(09-Aug-18)" besides the major versions, it does not actually in fact
> have the last set of minor releases. I suspect that's related to
> openscg's acquisition by amazon? Either they need to catch up, or we
> need to take down the page and probably alert people about that fact.
Forwarding Andres's email above to www for research.
Jimbo assured me at PGCon that Amazon were going to ensure those packages were kept up to date in the normal schedule.
Jim, do you know what's happening?
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
On Thu, Aug 16, 2018 at 11:00 AM, Dave Page <dpage@pgadmin.org> wrote:
Yea, we are working on getting them out ASAP. Because of the acquisition, our build servers are now sitting in physical locations where people don't regularly work. In this particular case, they are sitting in our NJ office which had a power outage long enough the the UPS drained requiring someone to physically hit the button to power up the servers so we can do the builds. We're working on moving the builds to this newfangled thing called the cloud so we don't have the problem in the future. :-)On Thu, Aug 16, 2018 at 3:35 PM, Bruce Momjian <bruce@momjian.us> wrote:On Thu, Aug 16, 2018 at 06:00:30AM -0700, Andres Freund wrote:
> Random observation: http://www.openscg.com/bigsql/postgresql/installers/
> seems to indicate that packages aren't updated anymore. While it says
> "(09-Aug-18)" besides the major versions, it does not actually in fact
> have the last set of minor releases. I suspect that's related to
> openscg's acquisition by amazon? Either they need to catch up, or we
> need to take down the page and probably alert people about that fact.
Forwarding Andres's email above to www for research.Jimbo assured me at PGCon that Amazon were going to ensure those packages were kept up to date in the normal schedule.Jim, do you know what's happening?
I'll ask the team to give me an ETA and report back.
On Thu, Aug 16, 2018 at 4:19 PM, Jim Mlodgenski <jimm@postgresconf.org> wrote:
Thanks Jim.On Thu, Aug 16, 2018 at 11:00 AM, Dave Page <dpage@pgadmin.org> wrote:Yea, we are working on getting them out ASAP. Because of the acquisition, our build servers are now sitting in physical locations where people don't regularly work. In this particular case, they are sitting in our NJ office which had a power outage long enough the the UPS drained requiring someone to physically hit the button to power up the servers so we can do the builds. We're working on moving the builds to this newfangled thing called the cloud so we don't have the problem in the future. :-)On Thu, Aug 16, 2018 at 3:35 PM, Bruce Momjian <bruce@momjian.us> wrote:On Thu, Aug 16, 2018 at 06:00:30AM -0700, Andres Freund wrote:
> Random observation: http://www.openscg.com/bigsql/postgresql/installers/
> seems to indicate that packages aren't updated anymore. While it says
> "(09-Aug-18)" besides the major versions, it does not actually in fact
> have the last set of minor releases. I suspect that's related to
> openscg's acquisition by amazon? Either they need to catch up, or we
> need to take down the page and probably alert people about that fact.
Forwarding Andres's email above to www for research.Jimbo assured me at PGCon that Amazon were going to ensure those packages were kept up to date in the normal schedule.Jim, do you know what's happening?I'll ask the team to give me an ETA and report back.
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
Hi, On 2018-08-16 11:19:49 -0400, Jim Mlodgenski wrote: > On Thu, Aug 16, 2018 at 11:00 AM, Dave Page <dpage@pgadmin.org> wrote: > > Jimbo assured me at PGCon that Amazon were going to ensure those packages > > were kept up to date in the normal schedule. > > > > Jim, do you know what's happening? > Yea, we are working on getting them out ASAP. Because of the acquisition, > our build servers are now sitting in physical locations where people don't > regularly work. In this particular case, they are sitting in our NJ office > which had a power outage long enough the the UPS drained requiring someone > to physically hit the button to power up the servers so we can do the > builds. We're working on moving the builds to this newfangled thing called > the cloud so we don't have the problem in the future. :-) > > I'll ask the team to give me an ETA and report back. FWIW, I find this pretty damning given that there's been new security release for a week: You've added no notes about it to the bigsql download page. Pinged nobody, to get the downloadlinks temporarily adorned with a warning on the pg site. And then there's the issue that the dates besides the releases on the download page are referencing the date of the newest set of minor releases, but aren't actually new. This is ridiculously intransparent. Greetings, Andres Freund
On 2018-08-16 16:25, Andres Freund wrote: > Hi, > > On 2018-08-16 11:19:49 -0400, Jim Mlodgenski wrote: >> On Thu, Aug 16, 2018 at 11:00 AM, Dave Page <dpage@pgadmin.org> wrote: >> > Jimbo assured me at PGCon that Amazon were going to ensure those packages >> > were kept up to date in the normal schedule. >> > >> > Jim, do you know what's happening? > >> Yea, we are working on getting them out ASAP. Because of the >> acquisition, >> our build servers are now sitting in physical locations where people >> don't >> regularly work. In this particular case, they are sitting in our NJ >> office >> which had a power outage long enough the the UPS drained requiring >> someone >> to physically hit the button to power up the servers so we can do the >> builds. We're working on moving the builds to this newfangled thing >> called >> the cloud so we don't have the problem in the future. :-) >> >> I'll ask the team to give me an ETA and report back. > > FWIW, I find this pretty damning given that there's been new security > release for a week: You've added no notes about it to the bigsql > download page. Pinged nobody, to get the downloadlinks temporarily > adorned with a warning on the pg site. And then there's the issue that > the dates besides the releases on the download page are referencing the > date of the newest set of minor releases, but aren't actually new. > > This is ridiculously intransparent. Is it fairly simple for us to just comment out/remove the links for now? We don't want to be pointing people to software with known security issues. We can put the links back in when the updated downloads are in place. :) + Justin
On 2018-08-16 16:32:00 +0100, Justin Clift wrote: > On 2018-08-16 16:25, Andres Freund wrote: > > FWIW, I find this pretty damning given that there's been new security > > release for a week: You've added no notes about it to the bigsql > > download page. Pinged nobody, to get the downloadlinks temporarily > > adorned with a warning on the pg site. And then there's the issue that > > the dates besides the releases on the download page are referencing the > > date of the newest set of minor releases, but aren't actually new. > > > > This is ridiculously intransparent. > > Is it fairly simple for us to just comment out/remove the links for now? > > We don't want to be pointing people to software with known security issues. > > We can put the links back in when the updated downloads are in place. :) Probably don't want to remove them entirely, it might prevent people from upgrading from an even older release with more serious issues. But a red warning seems appropriate. Greetings, Andres Freund
On Thu, Aug 16, 2018 at 09:25:36AM -0700, Andres Freund wrote: > On 2018-08-16 16:32:00 +0100, Justin Clift wrote: > > On 2018-08-16 16:25, Andres Freund wrote: > > > FWIW, I find this pretty damning given that there's been new security > > > release for a week: You've added no notes about it to the bigsql > > > download page. Pinged nobody, to get the downloadlinks temporarily > > > adorned with a warning on the pg site. And then there's the issue that > > > the dates besides the releases on the download page are referencing the > > > date of the newest set of minor releases, but aren't actually new. > > > > > > This is ridiculously intransparent. > > > > Is it fairly simple for us to just comment out/remove the links for now? > > > > We don't want to be pointing people to software with known security issues. > > > > We can put the links back in when the updated downloads are in place. :) > > Probably don't want to remove them entirely, it might prevent people > from upgrading from an even older release with more serious issues. But > a red warning seems appropriate. Agreed. We need to do something _now_, and the fact that we are having to discover this instead of OpenSCG telling us is a good reason to suspect the use of this download site in the future. Looking at their website now, does it show they now have the proper binaries? https://www.openscg.com/bigsql/postgresql/installers/ PostgreSQL 10.5 - Stable (09-Aug-18) postgresql-10.5-win64.exe postgresql-10.5-osx64.dmg -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
On Fri, Aug 17, 2018 at 4:39 AM, Bruce Momjian <bruce@momjian.us> wrote:
On Thu, Aug 16, 2018 at 09:25:36AM -0700, Andres Freund wrote:
> On 2018-08-16 16:32:00 +0100, Justin Clift wrote:
> > On 2018-08-16 16:25, Andres Freund wrote:
> > > FWIW, I find this pretty damning given that there's been new security
> > > release for a week: You've added no notes about it to the bigsql
> > > download page. Pinged nobody, to get the downloadlinks temporarily
> > > adorned with a warning on the pg site. And then there's the issue that
> > > the dates besides the releases on the download page are referencing the
> > > date of the newest set of minor releases, but aren't actually new.
> > >
> > > This is ridiculously intransparent.
> >
> > Is it fairly simple for us to just comment out/remove the links for now?
> >
> > We don't want to be pointing people to software with known security issues.
> >
> > We can put the links back in when the updated downloads are in place. :)
>
> Probably don't want to remove them entirely, it might prevent people
> from upgrading from an even older release with more serious issues. But
> a red warning seems appropriate.
Agreed. We need to do something _now_, and the fact that we are having
to discover this instead of OpenSCG telling us is a good reason to
suspect the use of this download site in the future.
Looking at their website now, does it show they now have the proper
binaries?
https://www.openscg.com/bigsql/postgresql/installers/
PostgreSQL 10.5 - Stable (09-Aug-18)
postgresql-10.5-win64.exe
postgresql-10.5-osx64.dmg
Per the filenames it looks like they do. But the dates are still backdated on them?
Jim, any confirmation on the status?
On Fri, Aug 17, 2018 at 09:48:26AM +0200, Magnus Hagander wrote: > Looking at their website now, does it show they now have the proper > binaries? > > https://www.openscg.com/bigsql/postgresql/installers/ > > PostgreSQL 10.5 - Stable (09-Aug-18) > > postgresql-10.5-win64.exe > postgresql-10.5-osx64.dmg > > Per the filenames it looks like they do. But the dates are still backdated on > them? Uh, what's the matter with the dates now? 2018-08-09 is the release date of 10.5. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
On Fri, Aug 17, 2018 at 3:48 AM, Magnus Hagander <magnus@hagander.net> wrote:
Yes, we pushed the latest installers last night. On Fri, Aug 17, 2018 at 4:39 AM, Bruce Momjian <bruce@momjian.us> wrote:On Thu, Aug 16, 2018 at 09:25:36AM -0700, Andres Freund wrote:
> On 2018-08-16 16:32:00 +0100, Justin Clift wrote:
> > On 2018-08-16 16:25, Andres Freund wrote:
> > > FWIW, I find this pretty damning given that there's been new security
> > > release for a week: You've added no notes about it to the bigsql
> > > download page. Pinged nobody, to get the downloadlinks temporarily
> > > adorned with a warning on the pg site. And then there's the issue that
> > > the dates besides the releases on the download page are referencing the
> > > date of the newest set of minor releases, but aren't actually new.
> > >
> > > This is ridiculously intransparent.
> >
> > Is it fairly simple for us to just comment out/remove the links for now?
> >
> > We don't want to be pointing people to software with known security issues.
> >
> > We can put the links back in when the updated downloads are in place. :)
>
> Probably don't want to remove them entirely, it might prevent people
> from upgrading from an even older release with more serious issues. But
> a red warning seems appropriate.
Agreed. We need to do something _now_, and the fact that we are having
to discover this instead of OpenSCG telling us is a good reason to
suspect the use of this download site in the future.
Looking at their website now, does it show they now have the proper
binaries?
https://www.openscg.com/bigsql/postgresql/installers/
PostgreSQL 10.5 - Stable (09-Aug-18)
postgresql-10.5-win64.exe
postgresql-10.5-osx64.dmgPer the filenames it looks like they do. But the dates are still backdated on them?Jim, any confirmation on the status?
The reason for the back date is because we did post new binaries on Aug-9, but didn't post the new installers until last night. That meant that existing users of the installers would get the latest updates posted on Aug-9 if they checked for updates through the mechanism of their existing install. Also, if new users installed the older version, at the end they would see there are updates available if they checked. The server we used to wrap the installers was down which caused the delay.
Sorry for the trouble and we'll be much more proactive of letting everyone know if we have any difficulty in the future which I don't anticipate happening.
On Fri, Aug 17, 2018 at 2:35 PM, Jim Mlodgenski <jimmy76@gmail.com> wrote:
Yes, we pushed the latest installers last night.On Fri, Aug 17, 2018 at 3:48 AM, Magnus Hagander <magnus@hagander.net> wrote:On Fri, Aug 17, 2018 at 4:39 AM, Bruce Momjian <bruce@momjian.us> wrote:On Thu, Aug 16, 2018 at 09:25:36AM -0700, Andres Freund wrote:
> On 2018-08-16 16:32:00 +0100, Justin Clift wrote:
> > On 2018-08-16 16:25, Andres Freund wrote:
> > > FWIW, I find this pretty damning given that there's been new security
> > > release for a week: You've added no notes about it to the bigsql
> > > download page. Pinged nobody, to get the downloadlinks temporarily
> > > adorned with a warning on the pg site. And then there's the issue that
> > > the dates besides the releases on the download page are referencing the
> > > date of the newest set of minor releases, but aren't actually new.
> > >
> > > This is ridiculously intransparent.
> >
> > Is it fairly simple for us to just comment out/remove the links for now?
> >
> > We don't want to be pointing people to software with known security issues.
> >
> > We can put the links back in when the updated downloads are in place. :)
>
> Probably don't want to remove them entirely, it might prevent people
> from upgrading from an even older release with more serious issues. But
> a red warning seems appropriate.
Agreed. We need to do something _now_, and the fact that we are having
to discover this instead of OpenSCG telling us is a good reason to
suspect the use of this download site in the future.
Looking at their website now, does it show they now have the proper
binaries?
https://www.openscg.com/bigsql/postgresql/installers/
PostgreSQL 10.5 - Stable (09-Aug-18)
postgresql-10.5-win64.exe
postgresql-10.5-osx64.dmgPer the filenames it looks like they do. But the dates are still backdated on them?Jim, any confirmation on the status?
Great, thanks for confirming!
The reason for the back date is because we did post new binaries on Aug-9, but didn't post the new installers until last night. That meant that existing users of the installers would get the latest updates posted on Aug-9 if they checked for updates through the mechanism of their existing install. Also, if new users installed the older version, at the end they would see there are updates available if they checked. The server we used to wrap the installers was down which caused the delay.
Ah, gotcha. That explains it.
Sorry for the trouble and we'll be much more proactive of letting everyone know if we have any difficulty in the future which I don't anticipate happening.
Thanks!