| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Peter Eisentraut <peter(at)eisentraut(dot)org>, Andres Freund <andres(at)anarazel(dot)de>, Bruce Momjian <bruce(at)momjian(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Security lessons from liblzma |
| Date: | 2024-04-05 13:23:43 |
| Message-ID: | CA+TgmoYjxWVDUhYE+6MXs9V3NTqH50+wAs50E3goAr4VaTdtbA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Apr 4, 2024 at 4:48 PM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
> AFAIK we haven't historically enforced that installations have the openssl
> binary in PATH, but it would be a pretty low bar to add. The bigger issue is
> likely to find someone to port this to Windows, it probably won't be too hard
> but as with all things building on Windows, we need someone skilled in that
> area to do it.
I wonder how hard it would be to just code up our own binary to do
this. If it'd be a pain to do that, or to maintain it across SSL
versions, then it's a bad plan and we shouldn't do it. But if it's not
that much code, maybe it'd be worth considering.
I'm also sort of afraid that we're getting sucked into thinking real
hard about this SSL certificate issue rather than trying to brainstorm
all the other places that might be problematic. The latter might be a
more fruitful exercise (or maybe not, what do I know?).
--
Robert Haas
EDB: http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Matthias van de Meent | 2024-04-05 13:29:59 | Re: Add bump memory context type and use it for tuplesorts |
| Previous Message | Dmitry Dolgov | 2024-04-05 13:21:06 | Re: broken JIT support on Fedora 40 |