Re: Support for NSS as a libpq TLS backend
Bruce Momjian <bruce@momjian.us>
From: Bruce Momjian <bruce@momjian.us>
To: Stephen Frost <sfrost@snowman.net>
Cc: Andres Freund <andres@anarazel.de>, Daniel Gustafsson <daniel@yesql.se>, Robert Haas <robertmhaas@gmail.com>, Julien Rouhaud <rjuju123@gmail.com>, Jacob Champion <pchampion@vmware.com>, "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>, "hlinnaka@iki.fi" <hlinnaka@iki.fi>, "andrew.dunstan@2ndquadrant.com" <andrew.dunstan@2ndquadrant.com>, "michael@paquier.xyz" <michael@paquier.xyz>, "thomas.munro@gmail.com" <thomas.munro@gmail.com>
Date: 2022-02-04T18:04:23Z
Lists: pgsql-hackers
On Thu, Feb 3, 2022 at 01:42:53PM -0500, Stephen Frost wrote: > Greetings, > > * Bruce Momjian (bruce@momjian.us) wrote: > > On Tue, Feb 1, 2022 at 01:52:09PM -0800, Andres Freund wrote: > > > There's https://hg.mozilla.org/projects/nspr/file/tip/pr/src - which is I > > > think the upstream source. > > > > > > A project without even a bare-minimal README at the root does have a "internal > > > only" feel to it... > > > > I agree --- it is a library --- if they don't feel the need to publish > > the API, it seems to mean they want to maintain the ability to change it > > at any time, and therefore it is inappropriate for other software to > > rely on that API. > > This is really not a reasonable representation of how this library has > been maintained historically nor is there any reason to think that their > policy regarding the API has changed recently. They do have a > documented API and that hasn't changed- it's just that it's not easily > available in web-page form any longer and that's due to something > independent of the library maintenance. They've also done a good job So they have always been bad at providing an API, not just now, or that their web content disappeared and they haven't fixed it, for how long? I guess that is better than the v8 case, but not much. Is posting web content really that hard for them? > with maintaining the API as one would expect from a library and so this > really isn't a reason to avoid using it. If there's actual specific > examples of the API not being well maintained and causing issues then > please point to them and we can discuss if that is a reason to consider > not depending on NSS/NSPR. I have no specifics. > > This is not the same as Postgres extensions needing to read the Postgres > > source code --- they are an important but edge use case and we never saw > > the need to standardize or publish the internal functions that must be > > studied and adjusted possibly for major releases. > > I agree that extensions and public libraries aren't entirely the same > but I don't think it's all that unreasonable for developers that are > using a library to look at the source code for that library when > developing against it, that's certainly something I've done for a > number of different libraries. Wow, you have a much higher tolerance than I do. How do you even know which functions are the public API if you have to look at the source code? > > This kind of feels like the Chrome JavaScript code that used to be able > > to be build separately for PL/v8, but has gotten much harder to do in > > the past few years. > > This isn't at all like that case, where the maintainers made a very > clear and intentional choice to make it quite difficult for packagers to > pull v8 out to package it. Nothing like that has happened with NSS and > there isn't any reason to think that it will based on what the > maintainers have said and what they've done across the many years that > NSS has been around. As far as I know, the v8 developers didn't say anything, they just started moving things around to make it easier for them and harder for packagers --- and they didn't care. I frankly think we need some public statement from the NSS developers before moving forward --- there are just too many red flags here, and once we support it, it will be hard to remove support for it. -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com If only the physical world exists, free will is an illusion.
Commits
-
Add tab-completion for CREATE FOREIGN TABLE.
- 74527c3e022d 15.0 cited
-
Add tap tests for the schema publications.
- 6b0f6f79eef2 15.0 cited
-
Move Perl test modules to a better namespace
- b3b4d8e68ae8 15.0 cited
-
Adjust configure to insist on Perl version >= 5.8.3.
- 92e6a98c3636 15.0 cited
-
Simplify code related to compilation of SSL and OpenSSL
- 092b785fad3d 14.0 landed
-
Introduce --with-ssl={openssl} as a configure option
- fe61df7f82aa 14.0 landed
-
Implement support for bulk inserts in postgres_fdw
- b663a4136331 14.0 cited
-
Fix redundant error messages in client tools
- 6be725e70161 14.0 cited
-
doc: Apply more consistently <productname> markup for OpenSSL
- 089da3c4778f 14.0 landed
-
Check ssl_in_use flag when reporting statistics
- 6a5c750f3f72 14.0 cited