PostgreSQL 對 security update 的極端作法...

Hacker News 文摘上看到,PostgreSQL 決定對這次的 security update 採取最極端的作法:「Extra security measures for next week's releases」。

包括全面管制 Git repository 公開資訊:官方的 Git repository 將會在正式釋出修正前限制只有 committer 可以存取,並且暫停 GitHub 以及其他 git mirror 權限。

另外 mailing list 也受到管制,包括了 src commit log 以及 document commit log。

信件開頭就提到這次安全性漏洞足以說服 PostgreSQL 的人採取最極端的作法,避免在有修正方案前造成漏洞洩漏出來被使用:

The core committee has decided that one of the security issues due to be fixed next week is sufficiently bad that we need to take extra measures to prevent it from becoming public before packages containing the fix are available. (This is a scenario we've discussed before, but never had to actually implement.)

不過這反而讓人更關注,甚至上了 Hacker News 熱門榜...

One thought on “PostgreSQL 對 security update 的極端作法...”

Leave a Reply

Your email address will not be published. Required fields are marked *