Re: Should we back-patch SSL renegotiation fixes?

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Andres Freund <andres(at)anarazel(dot)de>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Should we back-patch SSL renegotiation fixes?
Date: 2015-06-26 13:53:30
Message-ID: CA+TgmoYeiGkcMH_iM0PuP9W7PFekgH5eAQgtdW4=qtHD-2WFog@mail.gmail.com
Lists: pgsql-hackers

On Thu, Jun 25, 2015 at 8:03 AM, Andres Freund <andres(at)anarazel(dot)de> wrote:
>> I don't accept the argument that there are not ways to tell users
>> about things they might want to do.
>
> We probably could do that. But why would we want to? It's just as much
> work, and puts the onus on more people?

Because it doesn't force a behavior change down everyone's throat.

If it were just a question of back-porting fixes, even somewhat
invasive ones, well, maybe that's what we have to do; that's pretty
much exactly what we are planning to do for the MultiXact case, but
according to Heikki, this is broken even in master and can't really be
fixed unless and until OpenSSL gets their act together. That's a hard
argument to argue with, and I think I'm on board with it.

But as a general point, we should be very reluctant to force behavior
changes on our users in released branches, because users don't like
that. When there are reasonable alternatives to doing that, we should
choose them. If we have no other reasonable choice here, so be it.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
