From: | Andres Freund <andres(at)2ndquadrant(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Supporting Windows SChannel as OpenSSL replacement |
Date: | 2014-06-09 14:22:21 |
Message-ID: | 20140609142221.GE3149@alap3.anarazel.de |
Lists: | pgsql-hackers |
Hi,
On 2014-06-09 10:18:40 -0400, Tom Lane wrote:
> Does SChannel have a better security track record than OpenSSL? Or is
> the point here just that we can define it as not our problem when a
> vulnerability surfaces?
Well, it's patched as part of the OS - so no new PG binaries have to be
released when it's buggy.
> I'm doubtful that we can ignore security issues affecting PG just because
> somebody else is responsible for shipping the fix, and thus am concerned
> that if we support N different SSL libraries, we will need to keep track
> of N sets of vulnerabilities instead of just one.
In most of the cases where such an issue exists it'll primarily affect
binary distributions that include the ssl library - and those will only
pick one anyway.
Greetings,
Andres Freund
--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services