public inbox for [email protected]  
Re: Enquiry about TDE with PgSQL
6+ messages / 4 participants

* Re: Enquiry about TDE with PgSQL
@ 2025-10-31 17:33  Álvaro Herrera <[email protected]>
  0 siblings, 1 reply; 6+ messages in thread

From: Álvaro Herrera @ 2025-10-31 17:33 UTC (permalink / raw)
  To: Bruce Momjian <[email protected]>; +Cc: Christophe Pettus <[email protected]>; Adrian Klaver <[email protected]>; Kai Wagner <[email protected]>; Laurenz Albe <[email protected]>; Ron Johnson <[email protected]>; pgsql-general

On 2025-Oct-31, Bruce Momjian wrote:

> Yes, we have been avoiding the masquerade for years.  The question is
> can we continue.  From the lack of discussion since April 1, 2025, it
> seems the answer is yes.

Maybe, but I think the only reason for this is that some companies are
implementing it locally in their forks or whatever.  I bet there are
many prospective customers that we (the open source Postgres project)
are not reaching because of lack of certifiability in this area.

Can we continue to ignore it?  My impression is that that strategy will
continue to work, perhaps indefinitely.  Is it a good idea?  Of that I
am not so sure.

-- 
Álvaro Herrera               48°01'N 7°57'E  —  https://www.EnterpriseDB.com/
"Once again, thank you and all of the developers for your hard work on
PostgreSQL.  This is by far the most pleasant management experience of
any database I've worked on."                             (Dan Harris)
http://archives.postgresql.org/pgsql-performance/2006-04/msg00247.php







* Re: Enquiry about TDE with PgSQL
@ 2025-10-31 18:22  Bruce Momjian <[email protected]>
  parent: Álvaro Herrera <[email protected]>
  0 siblings, 1 reply; 6+ messages in thread

From: Bruce Momjian @ 2025-10-31 18:22 UTC (permalink / raw)
  To: Álvaro Herrera <[email protected]>; +Cc: Christophe Pettus <[email protected]>; Adrian Klaver <[email protected]>; Kai Wagner <[email protected]>; Laurenz Albe <[email protected]>; Ron Johnson <[email protected]>; pgsql-general

On Fri, Oct 31, 2025 at 06:33:54PM +0100, Álvaro Herrera wrote:
> On 2025-Oct-31, Bruce Momjian wrote:
> 
> > Yes, we have been avoiding the masquerade for years.  The question is
> > can we continue.  From the lack of discussion since April 1, 2025, it
> > seems the answer is yes.
> 
> Maybe, but I think the only reason for this is that some companies are
> implementing it locally in their forks or whatever.  I bet there are
> many prospective customers that we (the open source Postgres project)
> are not reaching because of lack of certifiability in this area.
> 
> Can we continue to ignore it?  My impression is that that strategy will
> continue to work, perhaps indefinitely.  Is it a good idea?  Of that I
> am not so sure.

Agreed.  Just to state the obvious, I have never heard of any Postgres
support company discouraging the community from implementing TDE.  In
fact, I have heard them strongly encourage it.

-- 
  Bruce Momjian  <[email protected]>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Do not let urgent matters crowd out time for investment in the future.







* Re: Enquiry about TDE with PgSQL
@ 2025-10-31 20:04  Kai Wagner <[email protected]>
  parent: Bruce Momjian <[email protected]>
  0 siblings, 1 reply; 6+ messages in thread

From: Kai Wagner @ 2025-10-31 20:04 UTC (permalink / raw)
  To: Bruce Momjian <[email protected]>; +Cc: Álvaro Herrera <[email protected]>; Christophe Pettus <[email protected]>; Adrian Klaver <[email protected]>; Laurenz Albe <[email protected]>; Ron Johnson <[email protected]>; pgsql-general

On Fri, Oct 31, 2025 at 7:22 PM Bruce Momjian <[email protected]> wrote:

> On Fri, Oct 31, 2025 at 06:33:54PM +0100, Álvaro Herrera wrote:
> > On 2025-Oct-31, Bruce Momjian wrote:
> >
> > > Yes, we have been avoiding the masquerade for years.  The question is
> > > can we continue.  From the lack of discussion since April 1, 2025, it
> > > seems the answer is yes.
>
I think this assumption can be considered a false positive. The main reason
this hasn't surfaced yet is that it first takes some time to adjust, and
more importantly, there are the downstream forks with the necessary changes
that are already in use or continue to be sold. So why stop doing this?

> >
> > Maybe, but I think the only reason for this is that some companies are
> > implementing it locally in their forks or whatever.  I bet there are
> > many prospective customers that we (the open source Postgres project)
> > are not reaching because of lack of certifiability in this area.
> >
> > Can we continue to ignore it?  My impression is that that strategy will
> > continue to work, perhaps indefinitely.  Is it a good idea?  Of that I
> > am not so sure.
>
> Agreed.  Just to state the obvious, I have never heard of any Postgres
> support company discouraging the community from implementing TDE.  In
> fact, I have heard them strongly encourage it.
>
I don't think, as stated initially, that we can continue to ignore this any
longer. As a project, we are losing out on a significant number of users
who are willing to use fully open-source solutions, but are held back due
to this requirement. We had numerous conversations over the last few years,
exactly about this fact, and people went with MySQL, Mongo, or others - not
because of "does this technically make sense to us as engineers, but
because they couldn't fulfill their internal requirements". As Laurenz
already stated very well: "rational arguments are missing the point".

It's not news that we also tried a way of implementing it. What I would
like to achieve here is a group of interested people who can actually make
a call on how this is envisioned to work. Do we handle everything in core
directly, or do we make all necessary parts extensible? This approach may
be more efficient in the long run, as it also enables a variety of other
use cases. This is the conversation I would like to have. We're absolutely
happy and willing to spend as much time as needed to implement a solution
that works directly with PostgreSQL, so we no longer ignore huge parts of
the industry, which will only get worse over the next few years, as more
and more standards are to follow. Once we lose this user base, we all know
how long it will take to regain any of them. I don't think we want, nor
should we, to go down that route, as it would harm us as a project in the
long run. We have been on a rise for many years, but if we want to stay
there and continue to do so, some "checkbox" or "security requirements"
need to be implemented, despite "technical arguments," as otherwise some of
the largest companies worldwide cannot consider using postgres.

>
> --
>   Bruce Momjian  <[email protected]>        https://momjian.us
>   EDB                                      https://enterprisedb.com
>
>   Do not let urgent matters crowd out time for investment in the future.
>



* Re: Enquiry about TDE with PgSQL
@ 2025-10-31 20:53  Bruce Momjian <[email protected]>
  parent: Kai Wagner <[email protected]>
  0 siblings, 1 reply; 6+ messages in thread

From: Bruce Momjian @ 2025-10-31 20:53 UTC (permalink / raw)
  To: Kai Wagner <[email protected]>; +Cc: Álvaro Herrera <[email protected]>; Christophe Pettus <[email protected]>; Adrian Klaver <[email protected]>; Laurenz Albe <[email protected]>; Ron Johnson <[email protected]>; pgsql-general

On Fri, Oct 31, 2025 at 09:04:32PM +0100, Kai Wagner wrote:
> On Fri, Oct 31, 2025 at 7:22 PM Bruce Momjian <[email protected]> wrote:
> 
>     On Fri, Oct 31, 2025 at 06:33:54PM +0100, Álvaro Herrera wrote:
>     > On 2025-Oct-31, Bruce Momjian wrote:
>     >
>     > > Yes, we have been avoiding the masquerade for years.  The question is
>     > > can we continue.  From the lack of discussion since April 1, 2025, it
>     > > seems the answer is yes.
> 
> I think this assumption can be considered a false positive. The main reason
> this hasn't surfaced yet is that it first takes some time to adjust, and more
> importantly, there are the downstream forks with the necessary changes that are
> already in use or continue to be sold. So why stop doing this?

Keep in mind this is coming up seven months after the standard became
effective, and it is being brought up by someone from Percona, and not
from an end-user.  I would have thought we would have had more end users
complaining.

> I don't think, as stated initially, that we can continue to ignore this any
> longer. As a project, we are losing out on a significant number of users who
> are willing to use fully open-source solutions, but are held back due to this
> requirement. We had numerous conversations over the last few years, exactly
> about this fact, and people went with MySQL, Mongo, or others - not because of
> "does this technically make sense to us as engineers, but because they couldn't
> fulfill their internal requirements". As Laurenz already stated very well:
> "rational arguments are missing the point".
> 
> It's not news that we also tried a way of implementing it. What I would like to
> achieve here is a group of interested people who can actually make a call on
> how this is envisioned to work. Do we handle everything in core directly, or do
> we make all necessary parts extensible? This approach may be more efficient in

We created a group several years ago, got pretty far, but ended up
stopping for reasons I stated in my blog.  I am not excited about doing
this again unless there is a clear change of community opinion, which I
have not seen.

-- 
  Bruce Momjian  <[email protected]>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Do not let urgent matters crowd out time for investment in the future.







* Re: Enquiry about TDE with PgSQL
@ 2025-10-31 21:19  Ron Johnson <[email protected]>
  parent: Bruce Momjian <[email protected]>
  0 siblings, 1 reply; 6+ messages in thread

From: Ron Johnson @ 2025-10-31 21:19 UTC (permalink / raw)
  To: pgsql-general

On Fri, Oct 31, 2025 at 4:53 PM Bruce Momjian <[email protected]> wrote:

> On Fri, Oct 31, 2025 at 09:04:32PM +0100, Kai Wagner wrote:
> > On Fri, Oct 31, 2025 at 7:22 PM Bruce Momjian <[email protected]> wrote:
> >
> >     On Fri, Oct 31, 2025 at 06:33:54PM +0100, Álvaro Herrera wrote:
> >     > On 2025-Oct-31, Bruce Momjian wrote:
> >     >
> >     > > Yes, we have been avoiding the masquerade for years.  The question is
> >     > > can we continue.  From the lack of discussion since April 1, 2025, it
> >     > > seems the answer is yes.
> >
> > I think this assumption can be considered a false positive. The main reason
> > this hasn't surfaced yet is that it first takes some time to adjust, and more
> > importantly, there are the downstream forks with the necessary changes that are
> > already in use or continue to be sold. So why stop doing this?
>
> Keep in mind this is coming up seven months after the standard became
> effective, and it is being brought up by someone from Percona, and not
> from an end-user.  I would have thought we would have had more end users
> complaining.
>
> > I don't think, as stated initially, that we can continue to ignore this any
> > longer. As a project, we are losing out on a significant number of users who
> > are willing to use fully open-source solutions, but are held back due to this
> > requirement. We had numerous conversations over the last few years, exactly
> > about this fact, and people went with MySQL, Mongo, or others - not because of
> > "does this technically make sense to us as engineers, but because they couldn't
> > fulfill their internal requirements". As Laurenz already stated very well:
> > "rational arguments are missing the point".
> >
> > It's not news that we also tried a way of implementing it. What I would like to
> > achieve here is a group of interested people who can actually make a call on
> > how this is envisioned to work. Do we handle everything in core directly, or do
> > we make all necessary parts extensible? This approach may be more efficient in
>
> We created a group several years ago, got pretty far, but ended up
> stopping for reasons I stated in my blog.  I am not excited about doing
> this again unless there is a clear change of community opinion, which I
> have not seen.


We're not complaining because we need TDE sooner than later, and
PGDG's opinions on TDE are well known.

EDB and Percona are there to take our money...

-- 
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!



* Re: Enquiry about TDE with PgSQL
@ 2025-10-31 22:31  Bruce Momjian <[email protected]>
  parent: Ron Johnson <[email protected]>
  0 siblings, 0 replies; 6+ messages in thread

From: Bruce Momjian @ 2025-10-31 22:31 UTC (permalink / raw)
  To: Ron Johnson <[email protected]>; +Cc: pgsql-general

On Fri, Oct 31, 2025 at 05:19:57PM -0400, Ron Johnson wrote:
> On Fri, Oct 31, 2025 at 4:53 PM Bruce Momjian <[email protected]> wrote:
>     On Fri, Oct 31, 2025 at 09:04:32PM +0100, Kai Wagner wrote:
>     We created a group several years ago, got pretty far, but ended up
>     stopping for reasons I stated in my blog.  I am not excited about doing
>     this again unless there is a clear change of community opinion, which I
>     have not seen.
> 
> We're not complaining because we need TDE sooner than later, and
> PGDG's opinions on TDE are well known.
> 
> EDB and Percona are there to take our money...

I understand, but historically that is not the way things normally
progress.  I am thinking of Oracle hints.

-- 
  Bruce Momjian  <[email protected]>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Do not let urgent matters crowd out time for investment in the future.





