On 7/28/21 11:26 AM, pbj@cmicdo.com wrote:
> I hope this is the right group for this question:
>
> Currently involved in a discussion about security of Postgres packages
> from various sources. I'm strongly advocating that we get our packages
> directly from PGDG.
>
> Would Postgres packages from Red Hat repos (and I guess we could include
> EDB, 2nd Quadrant, Crunchy...) be considered more secure from being
> hacked than those from the PGDG repos?

I would think the weak point would be:

https://www.postgresql.org/ftp/source/

as I am pretty sure that is where packagers pull the starting code from.

>
> Thanks,
> PJ
--
Adrian Klaver
adrian.klaver@aklaver.com