Re: [PATCHES] Post-special page storage TDE support - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: [PATCHES] Post-special page storage TDE support
Date
Msg-id Z27D4oP-0DDvVFwu@momjian.us
In response to Re: [PATCHES] Post-special page storage TDE support  (David Christensen <david.christensen@crunchydata.com>)
Responses Re: [PATCHES] Post-special page storage TDE support
List pgsql-hackers
On Thu, Dec 12, 2024 at 09:15:55AM -0600, David Christensen wrote:
> On Tue, Dec 10, 2024 at 12:54 AM Michael Paquier <michael@paquier.xyz> wrote:
> >
> > On Wed, Mar 13, 2024 at 11:26:48AM -0500, David Christensen wrote:
> > > Enclosing v4 for this patch series, rebased atop the
> > > constant-splitting series[1].  For the purposes of having cfbot happy,
> > > I am including the prerequisites as a squashed commit v4-0000, however
> > > this is not technically part of this series.
> >
> > The last update of this thread is from March 2024, with no replies and
> > no reviews.  Please note that this fails in the CI so I'd suggest a
> > rebase for now, and I have marked the patch as waiting on author.  If
> > there is a lack of interest, well..
> 
> I can't say there is a lack of interest from the author per se :), but
> not really seeing much in the way of community engagement makes me
> think it's largely unwanted.  I'd certainly be happy to rebase and
> reengage, but if it's not wanted at the conceptual level it doesn't
> seem worth the effort.  It's hard to interpret lack of response as
> "don't care, fine" vs "don't want" vs "haven't looked, -hackers is a
> firehose".

The value of TDE is limited from a security value perspective, but high
on the list of security policy requirements.  Our community is much more
responsive to actual value vs policy compliance value.

When I started focusing on TDE, it was going to require changes to
buffer reads/writes, WAL, and require a way to store secret keys.  I
thought those changes would be acceptable given TDE's security value. 
Once the file I/O changes were required, I think the balance tilted to
TDE requiring too many code changes given its security value (not policy
compliance value).

At least that is my analysis, and part of me wishes I was wrong.  I know
there are several commercial forks of TDE, mostly because companies are
more sensitive to policy compliance value, which translates to monetary
value for them.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Do not let urgent matters crowd out time for investment in the future.




