From: | Martin Pitt <mpitt(at)debian(dot)org> |
---|---|
To: | pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
Date: | 2009-04-10 22:57:46 |
Message-ID: | 20090410225746.GL3775@piware.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
Peter Eisentraut [2009-04-10 22:46 +0300]:
> This whole debate hinges on the argument that encryption without anti-spoofing
> is *not* useful.
I don't disagree, but it is not *worse* than having no encryption at
all.
The reason why Debian/Ubuntu install a snakeoil SSL certificate and
configure all packages to use it by default is not because we think
that this default configuration is "secure" in any way. The reason is
that configuring it that way is that it becomes darn easy to make your
entire server with all daemons such as postgresql, postfix, dovecot,
etc. trusted by simply replacing that central certificate. You can
still configure individual services to use a different one.
Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2009-04-10 23:01:52 | Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt |
Previous Message | Ellen Strnod | 2009-04-10 22:30:18 | BUG #4755: lost graphical relationship between tables in DbVis w/ new PG release |