Re: Security lessons from liblzma - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Security lessons from liblzma
Date
Msg-id ZgsgR88DpJ-adS75@momjian.us
Whole thread Raw
In response to Re: Security lessons from liblzma  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Security lessons from liblzma
List pgsql-hackers
On Mon, Apr  1, 2024 at 03:17:55PM -0400, Tom Lane wrote:
> Bruce Momjian <bruce@momjian.us> writes:
> > I was more asking if users have access to patches so they could recreate
> > the build by using the Postgres git tree and supplied OS-specific
> > patches.
> 
> AFAIK, every open-source distro makes all the pieces needed to
> rebuild their packages available to users.  It wouldn't be much
> of an open-source situation otherwise.  You do have to learn
> their package build process.

I wasn't clear if all the projects provide a source tree that can be
verified against the project's source tree, and then independent
patches, or if the patches were integrated and therefore harder to
verify against the project source tree.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Only you can decide what is important to you.



pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: Security lessons from liblzma
Next
From: Tom Lane
Date:
Subject: Re: On disable_cost