From: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
---|---|
To: | "Inoue, Hiroshi" <inoue(at)tpf(dot)co(dot)jp>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Dave Page <dpage(at)pgadmin(dot)org> |
Cc: | "pgsql-odbc(at)postgresql(dot)org" <pgsql-odbc(at)postgresql(dot)org> |
Subject: | Re: Need new psqlODBC release to update OpenSSL again |
Date: | 2014-06-06 09:51:26 |
Message-ID: | 53918F1E.9020400@vmware.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-odbc |
On 06/06/2014 07:16 AM, Inoue, Hiroshi wrote:
> All package files at http://www.postgresql.org/ftp/odbc/versions
> /msi(mm or dll) may contain old openssl dlls. If the dlls are so
> risky, shoudn't we remove the package files?
Well, you're only at risk if you use SSL. Old versions can be very
useful for debugging. If an application used to work correctly with an
old version, but doesn't with a new version, it's very useful to try all
the versions in between to see which exact version broke it.
It would be good to add a notice to the download page though:
NOTE: Old installers contain old versions of the OpenSSL and libpq
libraries, which contain known security vulnerabilities. They are here
for reference purposes only. For production use, always use the latest
version.
- Heikki
From | Date | Subject | |
---|---|---|---|
Next Message | Devrim Gündüz | 2014-06-06 09:58:30 | Re: Need new psqlODBC release to update OpenSSL again |
Previous Message | Dave Page | 2014-06-06 08:25:45 | Re: Need new psqlODBC release to update OpenSSL again |