Обсуждение: Re: [HACKERS] gen_random_uuid security not explicit in documentation

Поиск
Список
Период
Сортировка

Re: [HACKERS] gen_random_uuid security not explicit in documentation

От
Noah Misch
Дата:
On Fri, Jun 23, 2017 at 10:23:36AM +0900, Michael Paquier wrote:
> On Fri, Jun 23, 2017 at 3:02 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
> > I'm inclined to change gen_random_uuid() to throw an error if the server is
> > built with --disable-strong-random, like gen_random_bytes() does. That way,
> > they would behave the same.
>
> No objections to do that. I guess you don't need a patch. As this is
> new to 10, I have added an open item.

[Action required within three days.  This is a generic notification.]

The above-described topic is currently a PostgreSQL 10 open item.  Heikki,
since you committed the patch believed to have created it, you own this open
item.  If some other commit is more relevant or if this does not belong as a
v10 open item, please let us know.  Otherwise, please observe the policy on
open item ownership[1] and send a status update within three calendar days of
this message.  Include a date for your subsequent status update.  Testers may
discover new open items at any time, and I want to plan to get them all fixed
well in advance of shipping v10.  Consequently, I will appreciate your efforts
toward speedy resolution.  Thanks.

[1] https://www.postgresql.org/message-id/20170404140717.GA2675809%40tornado.leadboat.com


Re: [HACKERS] gen_random_uuid security not explicit in documentation

От
Noah Misch
Дата:
On Sun, Jun 25, 2017 at 09:26:28PM -0700, Noah Misch wrote:
> On Fri, Jun 23, 2017 at 10:23:36AM +0900, Michael Paquier wrote:
> > On Fri, Jun 23, 2017 at 3:02 AM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
> > > I'm inclined to change gen_random_uuid() to throw an error if the server is
> > > built with --disable-strong-random, like gen_random_bytes() does. That way,
> > > they would behave the same.
> >
> > No objections to do that. I guess you don't need a patch. As this is
> > new to 10, I have added an open item.
>
> [Action required within three days.  This is a generic notification.]
>
> The above-described topic is currently a PostgreSQL 10 open item.  Heikki,
> since you committed the patch believed to have created it, you own this open
> item.  If some other commit is more relevant or if this does not belong as a
> v10 open item, please let us know.  Otherwise, please observe the policy on
> open item ownership[1] and send a status update within three calendar days of
> this message.  Include a date for your subsequent status update.  Testers may
> discover new open items at any time, and I want to plan to get them all fixed
> well in advance of shipping v10.  Consequently, I will appreciate your efforts
> toward speedy resolution.  Thanks.
>
> [1] https://www.postgresql.org/message-id/20170404140717.GA2675809%40tornado.leadboat.com

This PostgreSQL 10 open item is past due for your status update.  Kindly send
a status update within 24 hours, and include a date for your subsequent status
update.  Refer to the policy on open item ownership:
https://www.postgresql.org/message-id/20170404140717.GA2675809%40tornado.leadboat.com


Re: [HACKERS] gen_random_uuid security not explicit in documentation

От
Heikki Linnakangas
Дата:

On 30 June 2017 06:45:04 EEST, Noah Misch <noah@leadboat.com> wrote:
>This PostgreSQL 10 open item is past due for your status update.
>Kindly send
>a status update within 24 hours, and include a date for your subsequent
>status
>update.

I'll fix this some time next week. (I'm on vacation right now)

- Heikki