> On 29 Mar 2024, at 23:59, Andres Freund <andres@anarazel.de> wrote:
> On 2024-03-29 18:37:24 -0400, Bruce Momjian wrote:
>> Now, we don't take pull requests, and all our committers are known
>> individuals, but this might have cautionary lessons for us.
>
> I am doubtful that every committer would find something sneaky hidden in
> e.g. one of the test changes in a large commit. It's not too hard to hide
> something sneaky.
One take-away for me is how important it is to ship recipes for regenerating
any testdata which is included in generated/compiled/binary format. Kind of
how we in our tree ship the config for test TLS certificates and keys which can
be manually inspected, and used to rebuild the testdata (although the risk for
injections in this particular case seems low). Bad things can still be
injected, but formats which allow manual review at least goes some way towards
lowering risk.
--
Daniel Gustafsson