Re: Safe security
Tim Bunce <tim.bunce@pobox.com>
From: Tim Bunce <Tim.Bunce@pobox.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Tim Bunce <Tim.Bunce@pobox.com>, Andrew Dunstan <andrew@dunslane.net>, jd@commandprompt.com, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2010-03-08T17:32:03Z
Lists: pgsql-hackers
On Mon, Mar 08, 2010 at 11:03:27AM -0500, Tom Lane wrote: > Tim Bunce <Tim.Bunce@pobox.com> writes: > > Here's a patch that: > > 1. adds wording like that to the docs. > > 2. randomises the container package name (a simple and sound security measure). > > 3. requires Safe 2.25 (which has assorted fixes, including security). > > 4. removed a harmless but suprious exclamation mark from the source. > > #3 is still an absolute nonstarter, especially for a patch that we'd > wish to backpatch. This is a patch for 9.0. Backpatching is a separate issue. I think Safe 2.25 should be required, but I'll let whoever applies the patch tweak/delete that hunk as desired. Tim.