Home > mailing lists

Re: [PoC] Federated Authn/z with OAUTHBEARER - Mailing list pgsql-hackers

From	Bruce Momjian
Subject	Re: [PoC] Federated Authn/z with OAUTHBEARER
Date	April 8 19:48:15
Msg-id	Z_VTT6mwxZEUKWKn@momjian.us Whole thread Raw
In response to	Re: [PoC] Federated Authn/z with OAUTHBEARER (Daniel Gustafsson <daniel@yesql.se>)
List	pgsql-hackers

Tree view

On Tue, Apr  8, 2025 at 06:42:19PM +0200, Daniel Gustafsson wrote:
> > On 8 Apr 2025, at 18:33, Bruce Momjian <bruce@momjian.us> wrote:
> 
> > Would we have to put out minor releases for curl CVEs?  I don't think we
> > have to for OpenSSL so would curl be the same?
> 
> Why do you envision this being different from all other dependencies we have?
> For OpenSSL we also happily build against a version (and until recently,
> several versions) which is EOL and don't even receive security fixes.

I don't know.  I know people scan our downloads and report when the
scanners detect something, but I am unclear what those scanners are
doing.  Would they see some new risks with curl?

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Do not let urgent matters crowd out time for investment in the future.

pgsql-hackers by date:

From: Robert Haas
Date: 08 April, 19:45:57
Subject: Re: Feature freeze

From: Ashutosh Bapat
Date: 08 April, 19:49:25
Subject: Re: Feature freeze

Re: [PoC] Federated Authn/z with OAUTHBEARER - Mailing list pgsql-hackers

Previous

Next