From: | Alex Hunsaker <badalex(at)gmail(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Tim Bunce <Tim(dot)Bunce(at)pobox(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, jd(at)commandprompt(dot)com, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Safe security |
Date: | 2010-03-08 18:11:07 |
Message-ID: | 34d269d41003081011h27c4e118lea1f2bfca33f17cf@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, Mar 8, 2010 at 09:03, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Tim Bunce <Tim(dot)Bunce(at)pobox(dot)com> writes:
>> 3. requires Safe 2.25 (which has assorted fixes, including security).
> #3 is still an absolute nonstarter, especially for a patch that we'd
> wish to backpatch.
FWIW I think its a given you probably always want the latest version
of X or Y. I mean what happens when Safe 2.26 comes out and fixes
more issues? We blacklist 2.25? Seems like a PITA. Why not just
have something in the docs about keeping your stuff up2date?
That being said I would be in favor of at least saying "Hey! your
using a known broken version of Safe". Maybe something like the below
at pl_perl init time? (That is instead of requiring >v2.25 just
complain about older versions)
elog(WARNING, "Safe versions before 2.25 have known issues. Please
consider upgrading.");
Thoughts?
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2010-03-08 20:16:04 | Re: Safe security |
Previous Message | Andrew Dunstan | 2010-03-08 18:07:48 | Re: SQL compatibility reminder: MySQL vs PostgreSQL |