Skip site navigation (1) Skip section navigation (2)

Re: libpq 8.4 beta1: $PGHOST complains about missingroot.crt

From: Martin Pitt <mpitt(at)debian(dot)org>
To: pgsql-bugs(at)postgresql(dot)org
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missingroot.crt
Date: 2009-04-10 22:57:46
Message-ID: 20090410225746.GL3775@piware.de (view raw or flat)
Thread:
Lists: pgsql-bugs
Peter Eisentraut [2009-04-10 22:46 +0300]:
> This whole debate hinges on the argument that encryption without anti-spoofing 
> is *not* useful.

I don't disagree, but it is not *worse* than having no encryption at
all.

The reason why Debian/Ubuntu install a snakeoil SSL certificate and
configure all packages to use it by default is not because we think
that this default configuration is "secure" in any way. The reason is
that configuring it that way is that it becomes darn easy to make your
entire server with all daemons such as postgresql, postfix, dovecot,
etc. trusted by simply replacing that central certificate. You can
still configure individual services to use a different one.

Martin
-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)

In response to

Responses

pgsql-bugs by date

Next:From: Tom LaneDate: 2009-04-10 23:01:52
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Previous:From: Ellen StrnodDate: 2009-04-10 22:30:18
Subject: BUG #4755: lost graphical relationship between tables in DbVis w/ new PG release

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group