On 9/18/06 2:00 PM, "Tom Lane" <[EMAIL PROTECTED]> wrote:
> Pascal Meunier <[EMAIL PROTECTED]> writes:
>> I asked MITRE to provide a CCE number for this issue (the CCE is a new
>> effort like the CVE, but for configuration issues instead of
>> vulnerabilities). I'll let you know if it happens.
> Trying to force us to change things by getting Mitre involved is a
> really really good way to get pushback. I think you just killed any
> chance of getting this idea adopted.
> regards, tom lane
Please forgive my chronic lack of tact, which is evident in my previous
email; it is one of my flaws. I've been involved in the CVE for a long
time, where the original idea was to give a number to every issue under
discussion (including ones that aren't confirmed -- those were candidates),
so getting a CCE number seemed a normal process to me. I also read your
previous email as a likely dismissal, and did not want you to be surprised
by seeing a CCE assigned to it. I'm sorry it offended you so much,
regardless of the outcome. Moreover, I'd rather be a carpet to the
PostgreSQL developers than be cited as the cause for a security improvement
not being made, due to having antagonized so much the developers. Please,
consider the issue and not the silly messenger.
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not