Home > mailing lists

Re: Relative security of Community repos and packages - Mailing list pgsql-www

From	Christophe Pettus
Subject	Re: Relative security of Community repos and packages
Date	July 28, 2021 23:24:59
Msg-id	68B44B4E-1C13-4262-9F6F-C79601C72102@thebuild.com Whole thread Raw
In response to	Relative security of Community repos and packages ("pbj@cmicdo.com" <pbj@cmicdo.com>)
Responses	Re: Relative security of Community repos and packages (Stephen Frost <sfrost@snowman.net>)
List	pgsql-www

Tree view

> On Jul 28, 2021, at 11:26, pbj@cmicdo.com wrote:
> Currently involved in a discussion about security of Postgres packages from various sources.  I'm strongly advocating
thatwe get our packages directly from PGDG. 
>
> Would Postgres packages from Red Hat repos (and I guess we could include EDB, 2nd Quadrant, Crunchy...) be considered
moresecure from being hacked than those from the PGDG repos? 

While I have nothing bad to say about the other repo sources, every other repo (AFAIK) pulls from the community repos,
sothere's no reason that they would be *more* security than the community sources.  The Infra team takes build chain
andhosting security very seriously, and I would say that you are as safe with the community repos as you would be with
anyother source.

pgsql-www by date:

From: Adrian Klaver
Date: 28 July 2021, 21:57:14
Subject: Re: Relative security of Community repos and packages

From: Dave Page
Date: 29 July 2021, 00:02:55
Subject: Re: Relative security of Community repos and packages

Re: Relative security of Community repos and packages - Mailing list pgsql-www

Previous

Next