On 14 October 2012 22:17, Daniel Farina <dan...@heroku.com> wrote: > The problem there is that it's a pain to get signed certs in, say, a > test environment, so "don't check certs" will make its way into the > default configuration, and now you have all pain and no gain.
This is precisely the issue that Debian deals with in providing the "default Snake Oil" certificate; software development teams - especially small shops with one or two developers - don't want to spend time learning about CAs and creating their own, etc, and often their managers would see this as wasted time for setting up development environments and staging systems. Not saying they're right, of course; but it can be an uphill struggle, and as long as you get a real certificate for your production environment, it's hard to see what harm this (providing the "snake oil" certificate) actually causes. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers