Re: Security lessons from liblzma

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Andres Freund <andres(at)anarazel(dot)de>, Michael Banck <mbanck(at)gmx(dot)net>, Devrim Gündüz <devrim(at)gunduz(dot)org>, Joe Conway <mail(at)joeconway(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Security lessons from liblzma
Date: 2024-04-01 20:59:51
Message-ID: ZgsgR88DpJ-adS75@momjian.us
Lists: pgsql-hackers

On Mon, Apr 1, 2024 at 03:17:55PM -0400, Tom Lane wrote:
> Bruce Momjian <bruce(at)momjian(dot)us> writes:
> > I was more asking if users have access to patches so they could recreate
> > the build by using the Postgres git tree and supplied OS-specific
> > patches.
>
> AFAIK, every open-source distro makes all the pieces needed to
> rebuild their packages available to users. It wouldn't be much
> of an open-source situation otherwise. You do have to learn
> their package build process.

I wasn't clear if all the projects provide a source tree that can be
verified against the project's source tree, and then independent
patches, or if the patches were integrated and therefore harder to
verify against the project source tree.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com

Only you can decide what is important to you.
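
An added illustration, not part of the original message or of any distro's tooling: one way to check whether a packaged source tree matches the project's tree is to compare per-file SHA-256 manifests, which comes back empty when patches are shipped separately and lists every touched file when they are integrated. The function names, file names and file contents below are constructed for the example.

```python
import hashlib
import os
import tempfile

def tree_manifest(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, root).replace(os.sep, "/")] = digest
    return manifest

def compare_trees(upstream_root, distro_root):
    """Return files added, removed, or modified relative to upstream."""
    up, di = tree_manifest(upstream_root), tree_manifest(distro_root)
    return {
        "added": sorted(set(di) - set(up)),
        "removed": sorted(set(up) - set(di)),
        "modified": sorted(p for p in set(up) & set(di) if up[p] != di[p]),
    }

def write_tree(root, files):
    """Create a constructed sample tree from {relative path: bytes}."""
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    # Constructed sample content, not real PostgreSQL sources.
    upstream = {"configure": b"#!/bin/sh\n", "src/main.c": b"int main(void){return 0;}\n"}
    separate = dict(upstream)  # pristine tree; patches live outside it
    integrated = {**upstream,  # patches already applied to the tree
                  "src/main.c": b"int main(void){return 1;}\n",
                  "build/extra.mk": b"# added by packager\n"}
    with tempfile.TemporaryDirectory() as tmp:
        roots = {}
        for name, files in (("up", upstream), ("a", separate), ("b", integrated)):
            roots[name] = os.path.join(tmp, name)
            write_tree(roots[name], files)
        return (compare_trees(roots["up"], roots["a"]),
                compare_trees(roots["up"], roots["b"]))

if __name__ == "__main__":
    for result in demo():
        print(result)
```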
