Hi, On 2014-06-09 10:18:40 -0400, Tom Lane wrote: > Does SChannel have a better security track record than OpenSSL? Or is > the point here just that we can define it as not our problem when a > vulnerability surfaces?
Well, it's patched as part of the OS - so no new PG binaries have to be released when it's buggy. > I'm doubtful that we can ignore security issues affecting PG just because > somebody else is responsible for shipping the fix, and thus am concerned > that if we support N different SSL libraries, we will need to keep track > of N sets of vulnerabilities instead of just one. In most of the cases where such a issue exists it'll primarily affect binary distributions that include the ssl library - and those will only pick one anyway. Greetings, Andres Freund -- Andres Freund http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
