Re: Safe security
| От | Tom Lane |
|---|---|
| Тема | Re: Safe security |
| Дата | |
| Msg-id | 19881.1268068454@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: Safe security ("David E. Wheeler" <david@kineticode.com>) |
| Ответы |
Re: Safe security
Re: Safe security |
| Список | pgsql-hackers |
"David E. Wheeler" <david@kineticode.com> writes:
> On Mar 8, 2010, at 8:03 AM, Tom Lane wrote:
>> #3 is still an absolute nonstarter, especially for a patch that we'd
>> wish to backpatch.
> You're at least going to want to exclude Safe 2.20 - 2.23, IIUC.
If those aren't versions that are likely to be in wide use, no objection
to that. I'm just concerned about arbitrarily breaking existing
installations. I note that Fedora 11 and OS X 10.6.2 are providing Safe
2.12, which means the proposed patch would break plperl on every machine
I have, without easy recourse --- I am not likely to install a private
version of Safe under either OS, and I doubt many other PG users would
wish to either. The net effect would be to prevent PG users from
upgrading until the OS vendors get around to issuing new versions,
which is not helpful. Particularly if the vendor chooses to back-patch
Safe security fixes without bumping the visible version number, as is
not unlikely for Red Hat in particular.
regards, tom lane
В списке pgsql-hackers по дате отправления: