Re: Security lessons from liblzma
Daniel Gustafsson <daniel@yesql.se>
From: Daniel Gustafsson <daniel@yesql.se>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Robert Haas <robertmhaas@gmail.com>,
Peter Eisentraut <peter@eisentraut.org>,
Andres Freund <andres@anarazel.de>,
Bruce Momjian <bruce@momjian.us>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2024-04-04T20:56:01Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Introduce a non-recursive JSON parser
- 3311ea86edc7 17.0 cited
> On 4 Apr 2024, at 22:47, Tom Lane <tgl@sss.pgh.pa.us> wrote: > > Robert Haas <robertmhaas@gmail.com> writes: >> On Thu, Apr 4, 2024 at 4:25 PM Daniel Gustafsson <daniel@yesql.se> wrote: >>> I don't disagree, like I said that very email: it's non-trivial and I wish we >>> could make it better somehow, but I don't hav an abundance of good ideas. > >> Is the basic issue that we can't rely on the necessary toolchain to be >> present on every machine where someone might try to build PostgreSQL? > > IIUC, it's not really that, but that regenerating these files is > expensive; multiple seconds even on fast machines. Putting that > into tests that are run many times a day is unappetizing. That's one aspect of it. We could cache the results of course to amortize the cost over multiple test-runs but at the end of the day it will add time to test-runs regardless of what we do. One thing to consider would be to try and rearrange/refactor the tests to require a smaller set of keys and certificates. I haven't looked into what sort of savings that could yield (if any) but if we go the route of regeneration at test-time we shouldn't leave potential savings on the table. -- Daniel Gustafsson