Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)
| От | David G. Johnston |
|---|---|
| Тема | Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?) |
| Дата | |
| Msg-id | CAKFQuwZFmgUgVLttKy1fxWx3j9vJ+aeaJMQyxv=nEpz119-Z4A@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?) (Andres Freund <andres@anarazel.de>) |
| Ответы |
Re: Removing SSL renegotiation (Was: Should we back-patch
SSL renegotiation fixes?)
|
| Список | pgsql-hackers |
On 2015-06-24 16:41:48 +0200, Andres Freund wrote:
> I, by now, have come to a different conclusion. I think it's time to
> entirely drop the renegotiation support.
I think by now we essentially concluded that we should do that. What I'm
not sure yet is how: Do we want to rip it out in master and just change
the default in the backbranches, or do we want to rip it out in all
branches and leave a faux guc in place in the back branches. I vote for
the latter, but would be ok with both variants.
3. Change the "default" and make the guc impotent - in the back branches. Its minimally invasive and accomplishes the same user-facing goal as "ripping it out".
Leaving dead code around in master seems undesirable so ripping it out from there would still make sense. This does provide an easy fall-back in the back-branches if we are accused of being overly parental.
David J.
В списке pgsql-hackers по дате отправления: