Home > mailing lists

Re: Support for NSS as a libpq TLS backend - Mailing list pgsql-hackers

From	Bruce Momjian
Subject	Re: Support for NSS as a libpq TLS backend
Date	February 4, 2022 21:22:00
Msg-id	Yf1uyLGeigTic55d@momjian.us Whole thread Raw
In response to	Re: Support for NSS as a libpq TLS backend (Robert Haas <robertmhaas@gmail.com>)
Responses	Re: Support for NSS as a libpq TLS backend (Robert Haas <robertmhaas@gmail.com>) Re: Support for NSS as a libpq TLS backend (Daniel Gustafsson <daniel@yesql.se>) Re: Support for NSS as a libpq TLS backend (Stephen Frost <sfrost@snowman.net>)
List	pgsql-hackers

Tree view

On Thu, Feb  3, 2022 at 02:33:37PM -0500, Robert Haas wrote:
> As a philosophical matter, I don't think it's great for us - or the
> Internet in general - to be too dependent on OpenSSL. Software
> monocultures are not great, and OpenSSL has near-constant security
> updates and mediocre documentation. Now, maybe anything else we

I don't think it is fair to be criticizing OpenSSL for its mediocre
documentation when the alternative being considered, NSS, has no public
documentation.  Can the source-code-defined NSS documentation be
considered better than the mediocre OpenSSL public documentation?

For the record, I do like the idea of adding NSS, but I am concerned
about its long-term maintenance, we you explained.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  If only the physical world exists, free will is an illusion.

pgsql-hackers by date:

From: Robert Haas
Date: 04 February 2022, 21:15:27
Subject: Re: decoupling table and index vacuum

From: Robert Haas
Date: 04 February 2022, 21:33:00
Subject: Re: Support for NSS as a libpq TLS backend

Re: Support for NSS as a libpq TLS backend - Mailing list pgsql-hackers

Previous

Next