AW: Increased SECURITY RISCS from omitting some compikler options when building PG with meson; e.g. -fcf-protection=full
Hans Buschmann <buschmann@nidsa.net>
From: Hans Buschmann <buschmann@nidsa.net>
To: Matthias van de Meent <boekewurm+postgres@gmail.com>
Cc: Peter Eisentraut <peter@eisentraut.org>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2026-07-08T11:24:55Z
Lists: pgsql-hackers
Hello Matthias, Thank you for pointing me to the pg_config options. I didn't know and will take a look. > If the normal user cannot handle compiler options, then should they > really be self-compiling PostgreSQL with custom compiler options, for > a platform that already has pre-compiled binary distributions? As already mentioned in my original post, there are some cases a "normal" user (in my terminology it is a db responsible not experienced with C programming practice) may use a manual recompile: - blocksize change - emergency patch: see current planet postgres: - test on beta versions of the OS - etc... https://www.credativ.de/blog/postgresql/replikations-deadlock-fehler-in-aktuellen-postgres-versionen-14-16/ The user should be able to recompile the package (which is really very easy with meson after some setup of developer packages) without deeper knowledge of C programming with the original configuration of the distribution. In production I use the binary distribution from PGDG and additionally compile the latest/beta versions for a compatibility check. Best regards Hans Buschmann