Hi, Red Hat Inc's Information Security Team has recently contacted us about a possible security issue with a previous PostgreSQL RPM repository.
A few years ago, when the project first started, the project used the pgsqlrpms.org domain, which was first replaced by pgrpms.org, and the replaced with the final location: yum.postgresql.org . During these transitions, we made a lot of effort to make our users comfortable, such as auto-updating the repo URL. However, there are a lot of articles on the Internet that still point to the old URLs. pgrpms.org is scheduled to be managed by the PostgreSQL NPO in Canada, so it will stay as a community domain. However, pgsqlrpms.org is not under our control anymore. All the links currently return OK, but someone may one day place malware on the site, resulting in a security breach. So, if you are the YUM repo user, and are still using the very old domain name, please update the repository RPM as soon as possible: http://yum.postgresql.org/repopackages.php If you want to verify that you are using the correct repository/packages, please use this GPG key to verify your packages: https://www.postgresql.org/download/keys/RPM-GPG-KEY-PGDG Feel free to contact me for any questions. Regards, -- Devrim GÜNDÜZ PostgreSQL Community RPM Developer
signature.asc
Description: This is a digitally signed message part
