Nico Williams <nico@cryptonector.com> writes:
> On Wed, Dec 06, 2023 at 10:57:15PM -0500, Tom Lane wrote:
>> The immediate reason for dropping that support is that Heimdal doesn't
>> have gss_store_cred_into(), without which we can't support delegated
>> credentials. AFAICT, Apple's version doesn't have that either.
> Heimdal in the master branch sure does; I'm the author of
> gss_store_cred_into() and gss_store_cred_into2(). Idk when we'll do an
> 8.0 release though. We've run out of steam.

Yeah, this is what makes me fearful about putting in changes to re-support
Heimdal. It seems like it's more or less abandonware so far as the
upstream developers are concerned, which is not comforting with any
package, but especially not for security-critical code. I understand
that downstream packagers such as Apple and the BSDen are trying to
fill the gap, but how much should their efforts be relied on?

We could certainly take the attitude suggested upthread that
"we'll allow you to build with Heimdal, and if it breaks you
get to keep both pieces". But I dunno. We get blamed when
users do obviously-stupid stuff like use a guessable superuser
password on a database they've exposed to the internet [eg, 1].
It would be a lot more obviously our fault if we say nothing
when a user chooses a known-insecure library to build against.

So I've still got really mixed emotions about this project.
I totally understand the desire to use these library versions,
but I can't help fearing that people will regret doing so ...
and then want to shift the blame to us.

regards, tom lane

[1] https://www.aquasec.com/blog/pg_mem-a-malware-hidden-in-the-postgres-processes/