On Tue, Apr 3, 2012 at 7:48 PM, Josh Berkus <j...@agliodbs.com> wrote: > On 4/3/12 5:22 AM, Robert Haas wrote: >> On Mon, Apr 2, 2012 at 5:23 AM, Dave Page <dp...@pgadmin.org> wrote: >>> If homebrew intentionally creates a hole like that, then for as long >>> as I'm one of the PostgreSQL webmasters it will *never* be listed on >>> our download pages. > > I don't agree. Listed with a warning, sure. But it should be listed.
That's fine - you don't have to agree with me :-). > Consider that OSX is pretty much purely a desktop platform (if you're > using OSX on the server, security is the least of your problems). As > such, it doesn't have the same security concerns which server platforms > have. Can I interest you in a move to Windows XP, pre security shake-up? It'll be pretty darn snappy on modern hardware! Having the ability for users to write files to system locations was one of the major reasons why Windows got into such problems. The only difference with this situation is that instead of users running with admin privileges as often (but not always) happened on Windows back then, we're talking about making parts of the filesystem world-writeable so it doesn't even matter if the user is running as an admin for a trojan or some other nasty to attack the system. That said, Jay has told me he was wrong about the world-writeable thing anyway. Apparently Homebrew fixed that last year. -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers