Re: Safe security

Tim Bunce <tim.bunce@pobox.com>

From: Tim Bunce <Tim.Bunce@pobox.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Tim Bunce <Tim.Bunce@pobox.com>, Andrew Dunstan <andrew@dunslane.net>, jd@commandprompt.com, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2010-03-08T17:32:03Z
Lists: pgsql-hackers
On Mon, Mar 08, 2010 at 11:03:27AM -0500, Tom Lane wrote:
> Tim Bunce <Tim.Bunce@pobox.com> writes:
> > Here's a patch that:
> > 1. adds wording like that to the docs.
> > 2. randomises the container package name (a simple and sound security measure).
> > 3. requires Safe 2.25 (which has assorted fixes, including security).
> > 4. removed a harmless but suprious exclamation mark from the source.
> 
> #3 is still an absolute nonstarter, especially for a patch that we'd
> wish to backpatch.

This is a patch for 9.0. Backpatching is a separate issue.

I think Safe 2.25 should be required, but I'll let whoever applies the
patch tweak/delete that hunk as desired.

Tim.