| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | David Steele <david(at)pgmasters(dot)net>, PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Allow root ownership of client certificate key |
| Date: | 2022-03-01 00:31:53 |
| Message-ID: | 20220301003153.GP10577@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Greetings,
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> David Steele <david(at)pgmasters(dot)net> writes:
> > Any thoughts on back-patching at least the client portion of this?
> > Probably hard to argue that it's a bug, but it is certainly painful.
>
> I'd be more eager to do that if we had some field complaints
> about it. Since we don't, my inclination is not to, but I'm
> only -0.1 or so; anybody else want to vote?
This patch was specifically developed in response to field complaints
about it working differently, so there's that. Currently it's being
worked around in the container environments by copying the key from the
secret that's provided to a temporary space where we can modify the
privileges, but that's pretty terrible. Would be great to be able to
get rid of that in favor of being able to use it directly.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Masahiko Sawada | 2022-03-01 00:46:32 | Re: Showing I/O timings spent reading/writing temp buffers in EXPLAIN |
| Previous Message | Euler Taveira | 2022-03-01 00:18:31 | Re: logical replication restrictions |