Re: Security lessons from liblzma

Robert Haas <robertmhaas@gmail.com> writes:
> On Thu, Apr 4, 2024 at 4:25 PM Daniel Gustafsson <daniel@yesql.se> wrote:
>> I don't disagree, like I said that very email: it's non-trivial and I wish we
>> could make it better somehow, but I don't hav an abundance of good ideas.

> Is the basic issue that we can't rely on the necessary toolchain to be
> present on every machine where someone might try to build PostgreSQL?

IIUC, it's not really that, but that regenerating these files is
expensive; multiple seconds even on fast machines.  Putting that
into tests that are run many times a day is unappetizing.

            regards, tom lane