Re: ecdh support causes unnecessary roundtrips

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc: Andres Freund <andres(at)anarazel(dot)de>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Marko Kreen <markokr(at)gmail(dot)com>, Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
Subject: Re: ecdh support causes unnecessary roundtrips
Date: 2026-02-20 16:07:42
Message-ID: 2902430.1771603662@sss.pgh.pa.us
Lists: pgsql-hackers

Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
>> On 20 Feb 2026, at 15:58, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> and then people wanting to test on FIPS platforms could just add
>> -DPG_FIPS_COMPLIANT to their build recipes.

> I don't think we will gain much testing that way. My proposal is to ensure
> that the tests always pass with FIPS enabled coupled with a patch, which Bilal
> is currently working on, to switch one of the CI jobs to use a FIPS enabled
> OpenSSL so that we get ongoing testing of such configurations.

My concern about the fix you suggest is that we won't be testing the
same thing that people in the field will be using. Admittedly, any
discrepancy would probably be OpenSSL's bug not ours, but that doesn't
make it a good thing. I'd rather test the normal configuration
normally and make people who want to run the test on a FIPS platform
do something different.

regards, tom lane
