| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | pgsql-bugs(at)postgresql(dot)org, Stephen Gran <sgran(at)debian(dot)org>, DSA list <debian-admin(at)lists(dot)debian(dot)org> |
| Subject: | Re: libpq: system-wide root.crt |
| Date: | 2010-09-23 16:31:33 |
| Message-ID: | 9721.1285259493@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> On Thu, Aug 19, 2010 at 23:11, Martin Pitt <mpitt(at)debian(dot)org> wrote:
>>> I received a request to support system-wide root certificates in
>>> libpq.
> I wonder if we want to have a default value for this rather than
> disabling it when it's not specified by configure. But is there any
> kind of reasonable default that's not going to be
> platform/distribution specific?
Given the potential security issues, I would argue very strenuously
that this should NOT be enabled by default. It should happen only
if the option is requested at configure time, and configure should
be told the exact path where to look for certs.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2010-09-23 18:08:18 | Re: BUG #5673: Optimizer creates strange execution plan leading to wrong results |
| Previous Message | David Schmitt | 2010-09-23 16:22:11 | Re: BUG #5673: Optimizer creates strange execution plan leading to wrong results |