Michael Paquier <[email protected]> wrote on 04/02/2019 01:05:01 AM:
> From: Michael Paquier <[email protected]> > To: "Jonathan S. Katz" <[email protected]> > Cc: Tom Lane <[email protected]>, Magnus Hagander > <[email protected]>, Daniel Verite <[email protected]>, > pgsql-general <[email protected]> > Date: 04/02/2019 01:05 AM > Subject: Re: CVE-2019-9193 about COPY FROM/TO PROGRAM > > On Mon, Apr 01, 2019 at 10:04:32AM -0400, Jonathan S. Katz wrote: > > +1, though I’d want to see if people get noisier about it before we rule > > out an official response. > > > > A blog post from a reputable author who can speak to security should > > be good enough and we can make noise through our various channels. > > Need a hand? Not sure if I am reputable enough though :) > > By the way, it could be the occasion to consider an official > PostgreSQL blog on the main website. News are not really a model > adapted for problem analysis and for entering into technical details. A blog post would be nice, but it seems to me have something about this clearly in the manual would be best, assuming it's not there already. I took a quick look, and couldn't find anything. Brad
