Josh Berkus <josh@xxxxxxxxxxxx> writes: >> We don't really have an official security contact. The next best thing >> is to send such reports to pgsql-core, which is not an open list, but >> will reach a good chunk of those with an interest in fixing such >> problems. > Is there any reason not to set up a "security@xxxxxxxxxxxxxx" mail alias? Probably not --- Marc, do you want to do that (and make it point to pgsql-core for now)? I was just in the middle of adding notes to problems.sgml and bug.template to tell people to send security issues to pgsql-core, but I can make it say security@ instead. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 7: don't forget to increase your free space map settings
