Re: Relative security of Community repos and packages

From Dave Page
Subject Re: Relative security of Community repos and packages
Date
Msg-id CA+OCxoyBAML3dN+16_k9Fp-p5=r_-JSJWZEBSNMdf5C=qo_4OA@mail.gmail.com
In reply to Re: Relative security of Community repos and packages  (Adrian Klaver <adrian.klaver@aklaver.com>)
Responses Re: Relative security of Community repos and packages
List pgsql-www


On Wed, 28 Jul 2021 at 19:57, Adrian Klaver <adrian.klaver@aklaver.com> wrote:
> On 7/28/21 11:26 AM, pbj@cmicdo.com wrote:
> > I hope this is the right group for this question:
> >
> > Currently involved in a discussion about security of Postgres packages
> > from various sources.  I'm strongly advocating that we get our packages
> > directly from PGDG.
> >
> > Would Postgres packages from Red Hat repos (and I guess we could include
> > EDB, 2nd Quadrant, Crunchy...) be considered more secure from being
> > hacked than those from the PGDG repos?
>
> I would think the weak point would be:
>
> https://www.postgresql.org/ftp/source/
>
> as I am pretty sure that is where packagers pull the starting code from.

No, that is not the case, at least for community and EDB packages. It might be the case for upstream distributors though (e.g. OS vendors).

> > Thanks,
> > PJ
>
> --
> Adrian Klaver
> adrian.klaver@aklaver.com

