Re: Relative security of Community repos and packages - Mailing list pgsql-www

From Dave Page
Subject Re: Relative security of Community repos and packages
Msg-id CA+OCxoyBAML3dN+16_k9Fp-p5=r_-JSJWZEBSNMdf5C=qo_4OA@mail.gmail.com
In response to Re: Relative security of Community repos and packages  (Adrian Klaver <adrian.klaver@aklaver.com>)
Responses Re: Relative security of Community repos and packages  (Christophe Pettus <xof@thebuild.com>)
List pgsql-www


On Wed, 28 Jul 2021 at 19:57, Adrian Klaver <adrian.klaver@aklaver.com> wrote:
> On 7/28/21 11:26 AM, pbj@cmicdo.com wrote:
> > I hope this is the right group for this question:
> >
> > Currently involved in a discussion about security of Postgres packages
> > from various sources.  I'm strongly advocating that we get our packages
> > directly from PGDG.
> >
> > Would Postgres packages from Red Hat repos (and I guess we could include
> > EDB, 2nd Quadrant, Crunchy...) be considered more secure from being
> > hacked than those from the PGDG repos?
>
> I would think the weak point would be:
>
> https://www.postgresql.org/ftp/source/
>
> as I am pretty sure that is where packagers pull the starting code from.

No, that is not the case, at least for community and EDB packages. It might be the case for upstream distributors though (e.g. OS vendors).


> >
> > Thanks,
> > PJ
>
> --
> Adrian Klaver
> adrian.klaver@aklaver.com


