| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | Nazir Bilal Yavuz <byavuz81(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Noah Misch <noah(at)leadboat(dot)com> |
| Subject: | Re: 'Bad file descriptor: dup2( 1, 2 )' error on MacOS CI tasks |
| Date: | 2026-04-01 15:36:14 |
| Message-ID: | CAOYmi+kuxWPBte3R3azvXg8K-tvEX1WNoYHt1+R9N8GWTAGkkA@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Apr 1, 2026 at 6:58 AM Andres Freund <andres(at)anarazel(dot)de> wrote:
> I'm afraid the guy maintaining both IPC::Run [1] and IO::Tty has gone all in on AI
> authored code. Both IPC::Run and IO::Tty have seen more merges in the last
> week than in the 5 years before. Stuff getting merged left and right, with
> failing tests to boot.
>
> If I wanted to do a supply chain attack on postgres, this would be the
> way. Hijack IPC::Run, edit the commits locally on a committers machine before
> push, to add a backdoor, celebrate.
I did consider locking the exact version of IPC::Run during the NetBSD
flake debacle [1], but abandoned it after the cross-platform pain... I
believed signature verification was "good enough" at the time. Should
we reconsider?
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Gustafsson | 2026-04-01 15:49:15 | Re: 'Bad file descriptor: dup2( 1, 2 )' error on MacOS CI tasks |
| Previous Message | Andreas Karlsson | 2026-04-01 15:34:56 | Minor cleanup of Meson files given that we require 0.57 |