Re: PostgreSQL - Weak DH group

From: Christoph Berg <myon(at)debian(dot)org>
To: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
Cc: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Nicolas Guini <nicolasguini(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>, Damian Quiroga <qdamian(at)gmail(dot)com>
Subject: Re: PostgreSQL - Weak DH group
Date: 2017-07-13 17:10:37
Message-ID: 20170713171036.6vviogetn24go5rj@msg.df7cb.de
Lists: pgsql-hackers

Re: Alvaro Herrera 2017-07-13 <20170713170402(dot)74uuoivrgd3c6tnw(at)alvherre(dot)pgsql>
> > > Objections to committing this now, instead of waiting for v11?
> >
> > But I am -1 for the sneak part. It is not the time to have a new
> > feature in 10, the focus is to stabilize.
>
> But if we were treating it as a security issue, would we backpatch it?
> If we do, then it definitely makes sense to put something in pg10. I'm
> not sure that this patch is it, though -- perhaps it makes sense to put
> a minimal fix in older branches, and let the new feature wait for pg11?

Making it user-configurable seems pretty minimal to me. Everything
else would probably require lengthy explanations about which file
could hold which contents, and this confusion seems to be part of the
problem.

Fwiw, wouldn't it make sense to recreate the default 2048 DH group as
well, maybe each time a new major is branched?

Christoph
