Joshua D. Drake wrote:
> Tom Lane wrote:
> > Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes:
> >> I would like to see pgcrypto (or at least some of it's
> >> functionality) in core.
> >
> > I believe the reason we keep it separate is so that people can
> > easily make crypto-free versions of PG for use in countries where
> > encryption capability is considered subject to arms regulations.
> > Not sure how important that case really is today, but it was a big
> > consideration last time this was discussed.
>
> That is a good question but in reality people who need to do so, can
> get the source from a mirror that is outside the country that has the
> rules.
The point is that vendors (consultants, distributors, nice people) can
produce safe versions to distribute in or to places with crypto
regulations. But since PostgreSQL contains code that links with SSL
and Kerberos functionality, you need to patch the code anyway in order
to do that legally. But it's nice to keep these things constrained to
well-known places in the source anyway.
(This opinion was sponsored by real lawyers.)
--
Peter Eisentraut
http://developer.postgresql.org/~petere/