From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
---|---|
To: | Michael Banck <mbanck(at)gmx(dot)net> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Josh Berkus <josh(at)agliodbs(dot)com>, Volker Aßmann <volker(dot)assmann(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Andrew Dunstan <andrew(at)dunslane(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Disabling trust/ident authentication configure option |
Date: | 2015-05-20 22:31:58 |
Message-ID: | 20150520223158.GL5885@postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Michael Banck wrote:
> On Wed, May 20, 2015 at 02:10:30PM -0400, Tom Lane wrote:
> > One reason why it would not be, if it's a build-time decision,
> > is that it's quite unlikely that any popular packagers would build
> > that way. So this would only be applicable to custom-built binaries,
> > which is a pretty small class of users to begin with.
>
> There might be appliance vendors who ship PostgreSQL along with their
> product. Then, they decide they want to use the pristine tarballs for
> reproducibility and accountability. If done right, they could publish
> their set of configure options and a build-id or whatever, and 3rd
> parties could verify the binaries they ship have not been tampered
> with[1]. Granted, they could also just publish the patch for those 3rd
> parties to apply as well, but that sounds slightly inelegant.
I don't think you can mix "elegance" and "appliance vendor" in the same
sentence with a straight face, so while I agree that in theory this
might be true, in reality this functionality would seldom be used for
this.
> The other set of users I could think of are those who, for whatever
> reason, tend to always compile PostgreSQL from source for their
> company/organization. Maybe they have internal rules that requires a
> custom installation prefix for all their servers or whatever. Due to
> procedural requirements, or just the unwillingness to carry deltas, they
> absolutely want to use the pristine tarballs as well but would be very
> happy to get rid of some of the authentication methods.
Right. That's the set of users that Josh B says is only comprised of
Volker (the OP).
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2015-05-20 23:03:26 | Re: Disabling trust/ident authentication configure option |
Previous Message | Peter Geoghegan | 2015-05-20 22:21:49 | Re: Re: [COMMITTERS] pgsql: Add support for INSERT ... ON CONFLICT DO NOTHING/UPDATE. |