Re: PG 18 release notes draft committed

On Sun, May 4, 2025 at 11:49:47AM +0200, Jelte Fennema-Nio wrote:
> On Fri, 2 May 2025 at 04:45, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> > I have committd the first draft of the PG 18 release notes.
>
> Some suggestions for additional commits to list for the items in the changelog:
> 1. I think 5070349102af12832c8528651c8ed18b16346323 should be listed
> as a commit for "Add libpq connection parameters and environment
> variables...". This commit contains a major part of the change that
> allows supporting multiple protocol versions client side.

Added.

> 2. I think 9d9b9d46f3c509c722ebbf2a1e7dc6296a6c711d &
> 09be39112654c3f158098fdb5f820143c0330763 should be listed as a commits
> for "Make cancel request keys 256 bits". These commits contain crucial
> parts of that change. This would also put me in there as one of the
> co-authors for this item.

I added the first commit but the second one is:

commit 09be3911265
Author: Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi>
Date: Wed Apr 2 15:32:40 2025 +0300

Add timingsafe_bcmp(), for constant-time memory comparison

timingsafe_bcmp() should be used instead of memcmp() or a naive
for-loop, when comparing passwords or secret tokens, to avoid leaking
information about the secret token by timing. This commit just
introduces the function but does not change any existing code to use
it yet.

Co-authored-by: Jelte Fennema-Nio <github-tech(at)jeltef(dot)nl>
Discussion: https://www.postgresql.org/message-id/7b86da3b-9356-4e50-aa1b-56570825e234@iki.fi

which is either the wrong commit hash or too far away from the item
description to be added.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com

Do not let urgent matters crowd out time for investment in the future.