From: | Gurjeet Singh <gurjeet(at)singh(dot)im> |
---|---|
To: | Hannu Krosing <hannuk(at)google(dot)com> |
Cc: | Andres Freund <andres(at)anarazel(dot)de>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>, Robert Pang <robertpang(at)google(dot)com> |
Subject: | Re: Hardening PostgreSQL via (optional) ban on local file system access |
Date: | 2022-06-25 00:26:41 |
Message-ID: | CABwTF4VG5zLbeFr_YE=TdxE6aqZ1zvT=3mHKpihn6iJad86mnA@mail.gmail.com |
Lists: | pgsql-hackers |
(fixed your top-posting)
On Fri, Jun 24, 2022 at 4:59 PM Hannu Krosing <hannuk(at)google(dot)com> wrote:
> On Sat, Jun 25, 2022 at 1:46 AM Gurjeet Singh <gurjeet(at)singh(dot)im> wrote:
> >
> > On Fri, Jun 24, 2022 at 4:13 PM Andres Freund <andres(at)anarazel(dot)de> wrote:
> > > On 2022-06-25 00:08:13 +0200, Hannu Krosing wrote:
> >
> > > > 3) should this be back-patched (we can provide batches for all
> > > > supported PgSQL versions)
> > >
> > > Err, what?
> >
> > Translation: Backpatching these changes to any stable versions will
> > not be acceptable (per the project versioning policy [1]), since these
> > changes would be considered a new feature. These changes can break
> > installations, if released in a minor version.
> >
> > [1]: https://www.postgresql.org/support/versioning/
>
> My understanding was that unless activated by admin these changes
> would change nothing.
>
> And they would be (borderline :) ) security fixes
>
> And the versioning policy link actually does not say anything about
> not adding features to older versions (I know this is the policy, just
> pointing out the info is not on that page).

I wanted to be sure before I mentioned it, and also because I've been
away from the community for a few years [1], so I too searched the
page for any relevant mentions of the word "feature" on that page.
While you're correct that the policy does not address/prohibit
addition of new features in minor releases, the following line
from the policy comes very close to saying it, without actually saying
it.

> ... PostgreSQL minor releases fix only frequently-encountered bugs, security issues, and data corruption problems to reduce the risk associated with upgrading ...

Like I heard a "wise one" recently say: "oh those [Postgres]
docs are totally unclear[,] but they're technically correct".

BTW, the "Translation" bit was for folks new to, or not familiar with,
community and its lingo; I'm sure you already knew what Andres meant
:-)

[1]: I'll milk the "I've been away from the community for a few years"
excuse for as long as possible ;-)

Best regards,
Gurjeet
http://Gurje.et