| From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
|---|---|
| To: | "pbj(at)cmicdo(dot)com" <pbj(at)cmicdo(dot)com>, "pgsql-www(at)lists(dot)postgresql(dot)org" <pgsql-www(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Relative security of Community repos and packages |
| Date: | 2021-07-28 18:57:14 |
| Message-ID: | 1e552498-c43c-1c2c-ede9-53bff2e2faaf@aklaver.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
On 7/28/21 11:26 AM, pbj(at)cmicdo(dot)com wrote:
> I hope this is the right group for this question:
>
> Currently involved in a discussion about security of Postgres packages
> from various sources. I'm strongly advocating that we get our packages
> directly from PGDG.
>
> Would Postgres packages from Red Hat repos (and I guess we could include
> EDB, 2nd Quadrant, Crunchy...) be considered more secure from being
> hacked than those from the PGDG repos?
I would think the weak point would be:
https://www.postgresql.org/ftp/source/
as I am pretty sure that is where packagers pull the starting code from.
>
> Thanks,
> PJ
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christophe Pettus | 2021-07-28 20:24:59 | Re: Relative security of Community repos and packages |
| Previous Message | pbj@cmicdo.com | 2021-07-28 18:26:14 | Relative security of Community repos and packages |