Re: [PATCHES] Post-special page storage TDE support

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: David Christensen <david(dot)christensen(at)crunchydata(dot)com>
Cc: Michael Paquier <michael(at)paquier(dot)xyz>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Andres Freund <andres(at)anarazel(dot)de>, Matthias van de Meent <boekewurm+postgres(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>
Subject: Re: [PATCHES] Post-special page storage TDE support
Date: 2024-12-27 15:12:34
Message-ID: Z27D4oP-0DDvVFwu@momjian.us
Lists: pgsql-hackers

On Thu, Dec 12, 2024 at 09:15:55AM -0600, David Christensen wrote:
> On Tue, Dec 10, 2024 at 12:54 AM Michael Paquier <michael(at)paquier(dot)xyz> wrote:
> >
> > On Wed, Mar 13, 2024 at 11:26:48AM -0500, David Christensen wrote:
> > > Enclosing v4 for this patch series, rebased atop the
> > > constant-splitting series[1]. For the purposes of having cfbot happy,
> > > I am including the prerequisites as a squashed commit v4-0000, however
> > > this is not technically part of this series.
> >
> > The last update of this thread is from March 2024, with no replies and
> > no reviews. Please note that this fails in the CI so I'd suggest a
> > rebase for now, and I have marked the patch as waiting on author. If
> > there is a lack of interest, well..
>
> I can't say there is a lack of interest from the author per se :), but
> not really seeing much in the way of community engagement makes me
> think it's largely unwanted. I'd certainly be happy to rebase and
> reengage, but if it's not wanted at the conceptual level it doesn't
> seem worth the effort. It's hard to interpret lack of response as
> "don't care, fine" vs "don't want" vs "haven't looked, -hackers is a
> firehose".

The value of TDE is limited from a security value perspective, but high
on the list of security policy requirements. Our community is much more
responsive to actual value vs policy compliance value.

When I started focusing on TDE, it was going to require changes to
buffer reads/writes, WAL, and require a way to store secret keys. I
thought those changes would be acceptable given TDE's security value.
Once the file I/O changes were required, I think the balance tilted to
TDE requiring too many code changes given its security value (not policy
compliance value).

At least that is my analysis, and part of me wishes I was wrong. I know
there are several commercial forks of TDE, mostly because companies are
more sensitive to policy compliance value, which translates to monetary
value for them.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com

Do not let urgent matters crowd out time for investment in the future.
