Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Bruce Momjian <bruce(at)momjian(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, "pgsql-bugs(at)postgresql(dot)org" <pgsql-bugs(at)postgresql(dot)org>, Martin Pitt <mpitt(at)debian(dot)org>
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Date: 2009-04-20 14:26:58
Message-ID: 5499.1240237618@sss.pgh.pa.us
Lists: pgsql-bugs

Magnus Hagander <magnus(at)hagander(dot)net> writes:
> Patch also changes the default from "prefer" to "disable", per discussion.

I confess to not having paid attention to this thread for a while.
I have to violently object to this conclusion --- it is throwing the
baby out with the bathwater.  Under the pretense of being "secure by
default" it will in fact make things *less* secure.  A minimum
requirement in my view is that existing configurations should continue
to work and be no less secure than before.  Having a connection that
was encrypted in 8.3 silently become clear-text after installing 8.4
is just plain NOT acceptable.

I think the patch would be fine if we simply keep the default where
it is, however.  Is there some point I am missing that compels
selection of a less-secure default?

			regards, tom lane
