Re: Key management with tests
Bruce Momjian <bruce@momjian.us>
From: Bruce Momjian <bruce@momjian.us>
To: Tom Kincaid <tomjohnkincaid@gmail.com>
Cc: Robert Haas <robertmhaas@gmail.com>, Alvaro Herrera <alvherre@alvh.no-ip.org>, Andres Freund <andres@anarazel.de>, Amit Kapila <amit.kapila16@gmail.com>, Thomas Munro <thomas.munro@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>, Stephen Frost <sfrost@snowman.net>, Masahiko Sawada <masahiko.sawada@2ndquadrant.com>
Date: 2021-01-28T20:22:21Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Rethink method for assigning OIDs to the template0 and postgres DBs.
- 2cb1272445d2 15.0 landed
-
pg_upgrade: Preserve database OIDs.
- aa01051418f1 15.0 landed
-
pg_upgrade: Preserve relfilenodes and tablespace OIDs.
- 9a974cbcba00 15.0 landed
-
Fix for new Boolean node
- cf925936ecc0 15.0 cited
-
Improve error handling of HMAC computations
- 5513dc6a304d 15.0 cited
-
Add macro RelationIsPermanent() to report relation permanence
- 95d77149c535 14.0 landed
-
Enhance nbtree index tuple deletion.
- d168b666823b 14.0 cited
On Thu, Jan 28, 2021 at 02:41:09PM -0500, Tom Kincaid wrote: > I would also like to add a "not wanted" entry for this feature on the > TODO list, baaed on the feature's limited usefulness, but I already > asked about that and no one seems to feel we don't want it. > > > I want to avoid seeing this happen. As a result of a lot of customer and user > discussions, around their criteria for choosing a database, I believe TDE is an > important feature and having it appear with a "not-wanted" tag will keep the > version of PostgreSQL released by the community out of certain (and possibly > growing) number of deployment scenarios which I don't think anybody wants to > see. With pg_upgrade, I could work on it out of the tree until it became popular, with a small non-user-visible part in the backend. With the Windows port, the port wasn't really visible to users until it we ready. For the key management part of TDE, it can't be done outside the tree, and it is user-visible before it is useful, so that restricts how much incremental work can be committed to the tree for TDE. I highlighted that concern emails months ago, but never got any feedback --- now it seems people are realizing the ramifications of that. > I think the current situation to be as follows (if I missed something please > let me know): > > 1) We need to get the current patch for Key Management reviewed and tested > further. > > I spoke to Bruce just now he will see if can get somebody to do this. Well, if we don't get anyone committed to working on the data encryption part of TDE, the key management part is useless, so why review/test it further? Although Sawada-san and Stephen Frost worked on the patch, they have not commented much on my additions, and only a few others have commented on the code, and there has been no discussion on who is working on the next steps. This indicates to me that there is little interest in moving this feature forward, which is why I started asking if it could be labeled as "not wanted". -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com The usefulness of a cup is in its emptiness, Bruce Lee