Re: [PoC] Federated Authn/z with OAUTHBEARER
| От | Bruce Momjian |
|---|---|
| Тема | Re: [PoC] Federated Authn/z with OAUTHBEARER |
| Дата | |
| Msg-id | Z_VTT6mwxZEUKWKn@momjian.us обсуждение исходный текст |
| Ответ на | Re: [PoC] Federated Authn/z with OAUTHBEARER (Daniel Gustafsson <daniel@yesql.se>) |
| Список | pgsql-hackers |
On Tue, Apr 8, 2025 at 06:42:19PM +0200, Daniel Gustafsson wrote: > > On 8 Apr 2025, at 18:33, Bruce Momjian <bruce@momjian.us> wrote: > > > Would we have to put out minor releases for curl CVEs? I don't think we > > have to for OpenSSL so would curl be the same? > > Why do you envision this being different from all other dependencies we have? > For OpenSSL we also happily build against a version (and until recently, > several versions) which is EOL and don't even receive security fixes. I don't know. I know people scan our downloads and report when the scanners detect something, but I am unclear what those scanners are doing. Would they see some new risks with curl? -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com Do not let urgent matters crowd out time for investment in the future.
В списке pgsql-hackers по дате отправления: