Re: Security lessons from liblzma - libsystemd
Peter Eisentraut <peter@eisentraut.org>
From: Peter Eisentraut <peter@eisentraut.org>
To: Magnus Hagander <magnus@hagander.net>, Andres Freund <andres@anarazel.de>
Cc: Bruce Momjian <bruce@momjian.us>,
PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2024-04-03T23:10:20Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Introduce a non-recursive JSON parser
- 3311ea86edc7 17.0 cited
On 03.04.24 23:19, Magnus Hagander wrote: > When the code is this simple, we should definitely consider carrying it > ourselves. At least if we don't expect to need *other* functionality > from the same library in the future, which I doubt we will from libsystemd. Well, I've long had it on my list to do some integration to log directly to the journal, so you can preserve metadata better. I'm not sure right now whether this would use libsystemd, but it's not like there is absolutely no other systemd-related functionality that could be added. Personally, I think this proposed change is trying to close a barndoor after a horse has bolted. There are many more interesting and scary libraries in the dependency tree of "postgres", so just picking off one right now doesn't really accomplish anything. The next release of libsystemd will drop all the compression libraries as hard dependencies, so the issue in that sense is gone anyway. Also, fun fact: liblzma is also a dependency via libxml2.