| From: | Álvaro Herrera <alvherre(at)kurilemu(dot)de> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Aleksander Alekseev <aleksander(at)tigerdata(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Peter Eisentraut <peter(at)eisentraut(dot)org> |
| Subject: | Re: change default default_toast_compression to lz4? |
| Date: | 2025-11-22 13:11:56 |
| Message-ID: | 202511221308.a23s6ktuvktq@alvherre.pgsql |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2025-Nov-21, Daniel Gustafsson wrote:
> > On 21 Nov 2025, at 12:33, Aleksander Alekseev <aleksander(at)tigerdata(dot)com> wrote:
>
> > Are there good reasons why we can't simply make lz4 a required
> > dependency? In the worst case we could simply copy its implementation,
> > the license permits.
>
> I think we should, as much as we can, avoid vendoring code, especially
> something like lz4 which can be expected to be available nearly everywhere.
Yeah. There's the security aspect: if lz4 is found to have a security
bug, we would be obliged to issue an advisory and matching release.
It's best if the library code is kept separate, so their own security
advisory is enough.
--
Álvaro Herrera PostgreSQL Developer — https://www.EnterpriseDB.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jim Jones | 2025-11-22 13:16:36 | Re: Add notification on BEGIN ATOMIC SQL functions using temp relations |
| Previous Message | Dilip Kumar | 2025-11-22 13:07:36 | Re: another autovacuum scheduling thread |