|From:||Antonin Houska <ah(at)cybertec(dot)at>|
|To:||Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>|
|Cc:||Shawn Wang <shawn(dot)wang(at)highgo(dot)ca>, pgsql-hackers(at)lists(dot)postgresql(dot)org, Ants Aasma <ants(dot)aasma(at)eesti(dot)ee>|
|Subject:||Re: WIP: Data at rest encryption|
|Views:||Raw Message | Whole Thread | Download mbox | Resend email|
Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> wrote:
> On 2019-Aug-02, Shawn Wang wrote:
> > Hi Antonin,
> > It is very glad to see the new patch. I used the public patches a long time ago.
> > I did some tests like the stream replication, much data running, temporary files encryption.
> > I found that there is an issue in the src/backend/storage/file/encryption.c. You should put block_size = EVP_CIPHER_CTX_block_size(ctx); under the #ifdef USE_ASSERT_CHECKING.
> > There is some problem to merge your patches to the latest kernel in the pg_ctl.c.
> Is a new, fixed version going to be posted soon? It's been a while.
> Also, apologies if this has been asked before, but: how does this patch
> relate to the stuff being discussed in
> https://firstname.lastname@example.org ?
This thread started later than our effort but important design questions are
being discussed there. So far there seems to be no consensus whether
full-instance encryption should be implemented first, so any effort spent on
this patch might get wasted. When/if there will be an agreement on the design,
we'll see how much of this patch can be used.
|Next Message||Stephen Frost||2019-09-04 05:25:25||Re: Proposal: roll pg_stat_statements into core|
|Previous Message||Michael Paquier||2019-09-04 04:36:52||Re: Re: Email to hackers for test coverage|