> -----Original Message-----
> From: Neil Conway [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 20, 2002 1:44 PM
> To: Vince Vielhaber
> Cc: [EMAIL PROTECTED]
> Subject: Re: [HACKERS] @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL (fwd)
>
> Vince Vielhaber <[EMAIL PROTECTED]> writes:
> > Here's yet another.
>
> Should someone from the core team perhaps get in contact with
> this guy and ask if he could get in contact with the
> development team before publicizing any further security
> holes? AFAIK that is standard operating procedure in most cases...

As long as we continue to find out about them, I would just let him work away. He is clearly an excellent tester, and if you had to hire him it would be very expensive. As long as he is producing results of such great value, I think it is wonderful.

> Second, it might be worth pushing a 7.2.2 release containing
> the fix for this bug, as well as the datetime problem. If
> that sounds reasonable to the people who have to do the most
> work on a new release (e.g. Marc), I can volunteer to
> backport a fix for the datetime problem.

Bugs that cause a catastrophic error (e.g. "crash" of the database engine, causing loss of data) should have the highest priority. Call them category zero.

Bugs that cause incorrect results should have the next highest priority. Call them category one.

Bugs that are minor annoyances (e.g. "appearance" such as a misspelled word in a help file) should be low priority.

Bugs that are only suggestions for improvements should have the lowest priority.

All known category zero and one bugs should be fixed before each and every new release.

IMO-YMMV.