Re: Security lessons from liblzma

On Thu, Apr 4, 2024 at 10:56:01PM +0200, Daniel Gustafsson wrote:
> > On 4 Apr 2024, at 22:47, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> >
> > Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> >> On Thu, Apr 4, 2024 at 4:25 PM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
> >>> I don't disagree, like I said that very email: it's non-trivial and I wish we
> >>> could make it better somehow, but I don't hav an abundance of good ideas.
> >
> >> Is the basic issue that we can't rely on the necessary toolchain to be
> >> present on every machine where someone might try to build PostgreSQL?
> >
> > IIUC, it's not really that, but that regenerating these files is
> > expensive; multiple seconds even on fast machines. Putting that
> > into tests that are run many times a day is unappetizing.
>
> That's one aspect of it. We could cache the results of course to amortize the
> cost over multiple test-runs but at the end of the day it will add time to
> test-runs regardless of what we do.
>
> One thing to consider would be to try and rearrange/refactor the tests to
> require a smaller set of keys and certificates. I haven't looked into what
> sort of savings that could yield (if any) but if we go the route of
> regeneration at test-time we shouldn't leave potential savings on the table.

Rather then everyone testing it on every build, couldn't we have an
automated test every night that checked binary files.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com

Only you can decide what is important to you.