Re: Security lessons from liblzma - Mailing list pgsql-hackers

From Joe Conway
Subject Re: Security lessons from liblzma
Date
Msg-id bdd25146-f573-467a-b813-50241bb1d7ff@joeconway.com
Whole thread Raw
In response to Re: Security lessons from liblzma  (Bruce Momjian <bruce@momjian.us>)
List pgsql-hackers
On 4/8/24 22:57, Bruce Momjian wrote:
> On Sat, Mar 30, 2024 at 04:50:26PM -0400, Robert Haas wrote:
>> An awful lot of what we do operates on the principle that we know the
>> people who are involved and trust them, and I'm glad we do trust them,
>> but the world is full of people who trusted somebody too much and
>> regretted it afterwards. The fact that we have many committers rather
>> than a single maintainer probably reduces risk at least as far as the
>> source repository is concerned, because there are more people paying
>> attention to potentially notice something that isn't as it should be.
> 
> One unwritten requirement for committers is that we are able to
> communicate with them securely.  If we cannot do that, they potentially
> could be forced by others, e.g., governments, to add code to our
> repositories.
> 
> Unfortunately, there is on good way for them to communicate with us
> securely once they are unable to communicate with us securely.  I
> suppose some special word could be used to communicate that status ---
> that is how it was done in non-electronic communication in the past.

I don't know how that really helps. If one of our committers is under 
duress, they probably cannot risk outing themselves anyway.

The best defense, IMHO, is the fact that our source code is open and can 
be reviewed freely.

The trick is to get folks to do the review.

I know, for example, at $past_employer we had a requirement to get 
someone on our staff to review every single commit in order to maintain 
certain certifications. Of course there is no guarantee that such 
reviews would catch everything, but maybe we could establish post commit 
reviews by contributors in a more rigorous way? Granted, getting more 
qualified volunteers is not a trivial problem...

-- 
Joe Conway
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com




pgsql-hackers by date:

Previous
From: Matthias van de Meent
Date:
Subject: Re: Parallel Recovery in PostgreSQL
Next
From: Robert Haas
Date:
Subject: Re: post-freeze damage control