Hi,

Is anyone putting together Debian packages any longer?

Scott Martin

----------------original message-----------------
From: "Chris Travers" [email protected]
To: [email protected]
Date: Fri, 12 Mar 2010 09:02:53 -0800
-------------------------------------------------
> On Fri, Mar 12, 2010 at 8:27 AM, Armaghan Saqib [email protected] wrote:
>> On Fri, Mar 12, 2010 at 11:31 AM, Chris Travers [email protected]
>> wrote:
>>>> I have recently seen a number of bug fix releases for LSMB 1.2 and was
>>>> just wondering how long it is planned to keep providing fixes for LSMB
>>>> 1.2 once 1.3 is released.
>>>
>>> Until PostgreSQL 8.0 is no longer supported.
>>
>> I am not familiar with postgres release/support cycle. Can somebody
>> give me the idea how long 8.0 is supported?
>
> Another 1-2 years is likely.
>>
>> What I was thinking is that with all these fixes (and probably more in
>> future) 1.2 branch will become extremely stable and should be an ideal
>> choice for deployment at places where the feature rich future releases
>> (1.3, 2.0) are not needed.
>
> 1.3 honestly has more important security features. Sometimes those
> are relatively unimportant, but that's not often the case. Some
> security issues with 1.2 are only things which can be mitigated, not
> entirely fixed. With 1.3, we have the first release where it is
> practical to fix any security issue reported.
>
>>
>> And if I remember correctly 1.2 also works perfectly with 8.3 (8.4?)
>> so why it is tied to 8.0?
>
> 1.2 should work with any version of at least 8.0 or higher. However,
> the version has a number of issues which cannot be reasonably fixed
> during a production branch. These include XSRF vulnerabilities, and
> some HTML injection possibilities. While we have mitigated this risk
> to the extent possible, fixing it requires substantial rewrites of
> portions of the code. Furthermore, 1.2 has no real permissions
> enforcement.
>
> These are probably OK in some circumstances, but the situation breaks
> down quickly.
>
> 1.3 requires PostgreSQL 8.1 because we use features from that version
> to manage and enforce permissions. Once PostgreSQL 8.0 is fully
> retired, I think it will be hard to justify installing something
> which, as secure as we have made it all things considered, still falls
> short in a number of important ways. I would expect 2.0 (at least in
> a minimalist form) to be out before 1.2 is retired entirely. For
> folks who don't need lots of features, a minimalist installation of
> 2.0 may be the way to go.
>
> Best Wishes,
> Chris Travers
>
>
> --------------------------------------------------------------------
> ----------
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Ledger-smb-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/ledger-smb-users
>
