Re: Security lessons from liblzma
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Daniel Gustafsson <daniel@yesql.se>,
Peter Eisentraut <peter@eisentraut.org>,
Andres Freund <andres@anarazel.de>, Bruce Momjian <bruce@momjian.us>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2024-04-04T20:47:53Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Introduce a non-recursive JSON parser
- 3311ea86edc7 17.0 cited
Robert Haas <robertmhaas@gmail.com> writes: > On Thu, Apr 4, 2024 at 4:25 PM Daniel Gustafsson <daniel@yesql.se> wrote: >> I don't disagree, like I said that very email: it's non-trivial and I wish we >> could make it better somehow, but I don't hav an abundance of good ideas. > Is the basic issue that we can't rely on the necessary toolchain to be > present on every machine where someone might try to build PostgreSQL? IIUC, it's not really that, but that regenerating these files is expensive; multiple seconds even on fast machines. Putting that into tests that are run many times a day is unappetizing. regards, tom lane