Re: Supporting Windows SChannel as OpenSSL replacement
| От | Andres Freund |
|---|---|
| Тема | Re: Supporting Windows SChannel as OpenSSL replacement |
| Дата | |
| Msg-id | 20140609142221.GE3149@alap3.anarazel.de обсуждение |
| Ответ на | Re: Supporting Windows SChannel as OpenSSL replacement (Tom Lane <tgl@sss.pgh.pa.us>) |
| Ответы |
Re: Supporting Windows SChannel as OpenSSL replacement
|
| Список | pgsql-hackers |
Hi, On 2014-06-09 10:18:40 -0400, Tom Lane wrote: > Does SChannel have a better security track record than OpenSSL? Or is > the point here just that we can define it as not our problem when a > vulnerability surfaces? Well, it's patched as part of the OS - so no new PG binaries have to be released when it's buggy. > I'm doubtful that we can ignore security issues affecting PG just because > somebody else is responsible for shipping the fix, and thus am concerned > that if we support N different SSL libraries, we will need to keep track > of N sets of vulnerabilities instead of just one. In most of the cases where such a issue exists it'll primarily affect binary distributions that include the ssl library - and those will only pick one anyway. Greetings, Andres Freund -- Andres Freund http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services
В списке pgsql-hackers по дате отправления: