From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "David E(dot) Wheeler" <david(at)kineticode(dot)com> |
Cc: | Tim Bunce <Tim(dot)Bunce(at)pobox(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, jd(at)commandprompt(dot)com, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Safe security |
Date: | 2010-03-08 17:14:14 |
Message-ID: | 19881.1268068454@sss.pgh.pa.us |
Lists: | pgsql-hackers |

"David E. Wheeler" <david(at)kineticode(dot)com> writes:
> On Mar 8, 2010, at 8:03 AM, Tom Lane wrote:
>> #3 is still an absolute nonstarter, especially for a patch that we'd
>> wish to backpatch.

> You're at least going to want to exclude Safe 2.20 - 2.23, IIUC.

If those aren't versions that are likely to be in wide use, no objection
to that. I'm just concerned about arbitrarily breaking existing
installations. I note that Fedora 11 and OS X 10.6.2 are providing Safe
2.12, which means the proposed patch would break plperl on every machine
I have, without easy recourse --- I am not likely to install a private
version of Safe under either OS, and I doubt many other PG users would
wish to either. The net effect would be to prevent PG users from
upgrading until the OS vendors get around to issuing new versions,
which is not helpful. Particularly if the vendor chooses to back-patch
Safe security fixes without bumping the visible version number, as is
not unlikely for Red Hat in particular.

regards, tom lane