Home > mailing lists

Re: Relative security of Community repos and packages - Mailing list pgsql-www

From	Adrian Klaver
Subject	Re: Relative security of Community repos and packages
Date	July 28, 2021 21:57:14
Msg-id	1e552498-c43c-1c2c-ede9-53bff2e2faaf@aklaver.com Whole thread Raw
In response to	Relative security of Community repos and packages ("pbj@cmicdo.com" <pbj@cmicdo.com>)
Responses	Re: Relative security of Community repos and packages (Dave Page <dpage@pgadmin.org>)
List	pgsql-www

Tree view

On 7/28/21 11:26 AM, pbj@cmicdo.com wrote:
> I hope this is the right group for this question:
> 
> Currently involved in a discussion about security of Postgres packages 
> from various sources.  I'm strongly advocating that we get our packages 
> directly from PGDG.
> 
> Would Postgres packages from Red Hat repos (and I guess we could include 
> EDB, 2nd Quadrant, Crunchy...) be considered more secure from being 
> hacked than those from the PGDG repos?

I would think the weak point would be:

https://www.postgresql.org/ftp/source/

as I am pretty sure that is where packagers pull the starting code from.


> 
> Thanks,
> PJ


-- 
Adrian Klaver
adrian.klaver@aklaver.com

pgsql-www by date:

From: "pbj@cmicdo.com"
Date: 28 July 2021, 21:26:14
Subject: Relative security of Community repos and packages

From: Christophe Pettus
Date: 28 July 2021, 23:24:59
Subject: Re: Relative security of Community repos and packages

Re: Relative security of Community repos and packages - Mailing list pgsql-www

Previous

Next