Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt

From: Martin Pitt <mpitt(at)debian(dot)org>
To: pgsql-bugs(at)postgresql(dot)org
Subject: Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Date: 2009-04-10 22:57:46
Message-ID: 20090410225746.GL3775@piware.de
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Peter Eisentraut [2009-04-10 22:46 +0300]:
> This whole debate hinges on the argument that encryption without anti-spoofing
> is *not* useful.

I don't disagree, but it is not *worse* than having no encryption at
all.

The reason why Debian/Ubuntu install a snakeoil SSL certificate and
configure all packages to use it by default is not because we think
that this default configuration is "secure" in any way. The reason is
that configuring it that way is that it becomes darn easy to make your
entire server with all daemons such as postgresql, postfix, dovecot,
etc. trusted by simply replacing that central certificate. You can
still configure individual services to use a different one.

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Tom Lane 2009-04-10 23:01:52 Re: libpq 8.4 beta1: $PGHOST complains about missing root.crt
Previous Message Ellen Strnod 2009-04-10 22:30:18 BUG #4755: lost graphical relationship between tables in DbVis w/ new PG release