From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Tom Kincaid <tomjohnkincaid(at)gmail(dot)com> |
Cc: | Andres Freund <andres(at)anarazel(dot)de>, Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com> |
Subject: | Re: Key management with tests |
Date: | 2021-01-25 19:18:05 |
Message-ID: | 20210125191805.GD27081@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, Jan 18, 2021 at 05:47:34PM -0500, Tom Kincaid wrote:
> I met with Bruce and Stephen this afternoon to discuss the feedback
> we received so far (prior to Robert's note which I haven't fully
> digested yet)
> on this patch.
>
> Here is what we plan to do:
>
> 1) Bruce is going to gather all the details from the Wiki and build a
> README for the TDE Key Management patch. In addition, it will include
> details about the implementation, the data structures involved and the
> locks that are taken and general technical implementation approach.
...
> Could we get feedback if this feels like enough to get this patch
> (which will include just the Key Management portion of TDE) to a state
> where it can be reviewed and assuming the review issues are resolved
> with consensus be committed?
Attached is an updated patch that has the requested changes:
* broken into seven parts
* test script converted from shell to Perl
* added README for every new directory
* moved text from wiki to READMEs where appropriate
* included Robert's suggestions, including the ability to add
future non-AES crypto methods
* fixes for pg_alterckey PGDATA arg processing
The patch is attached, and is also here:
https://github.com/postgres/postgres/compare/master...bmomjian:key.patch
Questions:
* What changes do people want to this patch set?
* Do we want it applied, even though it might need to be hidden for PG
14?
* If not, how do people build on this patch? Using the commitfest
links or github URL?
--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com
The usefulness of a cup is in its emptiness, Bruce Lee
Attachment | Content-Type | Size |
---|---|---|
1-crypto.diff.gz | application/gzip | 9.4 KB |
2-backend.diff.gz | application/gzip | 6.2 KB |
3-common.diff.gz | application/gzip | 9.0 KB |
4-pg_alterckey.diff.gz | application/gzip | 8.1 KB |
5-bin.diff.gz | application/gzip | 9.3 KB |
6-test.diff.gz | application/gzip | 82.5 KB |
7-key.diff | text/x-diff | 7.9 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Jacob Champion | 2021-01-25 19:31:16 | Re: Fixing cache pollution in the Kerberos test suite |
Previous Message | Anastasia Lubennikova | 2021-01-25 19:14:43 | Re: pg_upgrade fails with non-standard ACL |