Home > mailing lists

Re: Need new psqlODBC release to update OpenSSL again - Mailing list pgsql-odbc

From	Heikki Linnakangas
Subject	Re: Need new psqlODBC release to update OpenSSL again
Date	June 6, 2014 12:51:40
Msg-id	53918F1E.9020400@vmware.com Whole thread Raw
In response to	Re: Need new psqlODBC release to update OpenSSL again ("Inoue, Hiroshi" <inoue@tpf.co.jp>)
Responses	Re: Need new psqlODBC release to update OpenSSL again (Devrim Gündüz <devrim@gunduz.org>)
List	pgsql-odbc

Tree view

On 06/06/2014 07:16 AM, Inoue, Hiroshi wrote:
> All package files at http://www.postgresql.org/ftp/odbc/versions
> /msi(mm or dll) may contain old openssl dlls. If the dlls are so
> risky, shoudn't we remove the package files?

Well, you're only at risk if you use SSL. Old versions can be very
useful for debugging. If an application used to work correctly with an
old version, but doesn't with a new version, it's very useful to try all
the versions in between to see which exact version broke it.

It would be good to add a notice to the download page though:

NOTE: Old installers contain old versions of the OpenSSL and libpq
libraries, which contain known security vulnerabilities. They are here
for reference purposes only. For production use, always use the latest
version.

- Heikki

pgsql-odbc by date:

From: Dave Page
Date: 06 June 2014, 11:25:51
Subject: Re: Need new psqlODBC release to update OpenSSL again

From: Devrim Gündüz
Date: 06 June 2014, 12:58:45
Subject: Re: Need new psqlODBC release to update OpenSSL again

Re: Need new psqlODBC release to update OpenSSL again - Mailing list pgsql-odbc

Previous

Next