Re: Security lessons from liblzma

Greg Sabino Mullane <htamfids@gmail.com>

From: Greg Sabino Mullane <htamfids@gmail.com>
To: Peter Eisentraut <peter@eisentraut.org>
Cc: Daniel Gustafsson <daniel@yesql.se>, Andres Freund <andres@anarazel.de>, Bruce Momjian <bruce@momjian.us>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2024-04-04T21:01:12Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Introduce a non-recursive JSON parser

>
> It would be better if we created the required test files as part of the
> test run.  (Why not?  Too slow?)  Alternatively, I have been thinking
> that maybe we could make the output more reproducible by messing with
> whatever random seed OpenSSL uses.  Or maybe use a Python library to
> create the files.  Some things to think about.
>

I think this last idea is the way to go. I've hand-crafted GIF images and
PGP messages in the past; surely we have enough combined brain power around
here to craft our own SSL files? It may even be a wheel that someone has
invented already.

Cheers,
Greg