| From: | Christophe Pettus <xof(at)thebuild(dot)com> |
|---|---|
| To: | pbj(at)cmicdo(dot)com |
| Cc: | "pgsql-www(at)lists(dot)postgresql(dot)org" <pgsql-www(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Relative security of Community repos and packages |
| Date: | 2021-07-28 20:24:59 |
| Message-ID: | 68B44B4E-1C13-4262-9F6F-C79601C72102@thebuild.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
> On Jul 28, 2021, at 11:26, pbj(at)cmicdo(dot)com wrote:
> Currently involved in a discussion about security of Postgres packages from various sources. I'm strongly advocating that we get our packages directly from PGDG.
>
> Would Postgres packages from Red Hat repos (and I guess we could include EDB, 2nd Quadrant, Crunchy...) be considered more secure from being hacked than those from the PGDG repos?
While I have nothing bad to say about the other repo sources, every other repo (AFAIK) pulls from the community repos, so there's no reason that they would be *more* security than the community sources. The Infra team takes build chain and hosting security very seriously, and I would say that you are as safe with the community repos as you would be with any other source.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2021-07-28 21:02:55 | Re: Relative security of Community repos and packages |
| Previous Message | Adrian Klaver | 2021-07-28 18:57:14 | Re: Relative security of Community repos and packages |