From: Ron Johnson
Date: Fri, 22 Nov 2024 04:18:02 -0500
Subject: Re: CVE-2024-10979 Vulnerability Impact on PostgreSQL 11.10
To: pgsql-general@lists.postgresql.org

On Fri, Nov 22, 2024 at 4:01 AM Achilleas Mantzios - cloud <a.mantzios@cloud.gatewaynet.com> wrote:

> On 11/22/24 10:00, Matthias Apitz wrote:

[snip]

> Why not decouple client libs from the server ? i.e. psql works great
> with many versions greater than its own. And certainly with same major
> versions. You could retain the same client libs and just upgrade the
> PgSQL server to the highest minor version of the major version that you
> support.

Small VARs that sell turnkey solutions would rather bundle everything together. One application version, one database version, one OS version, one set of hardware, all bundled up and sold to a tech-illiterate customer that doesn't employ a DBA or SysAdmin. That way, when something stops working, you aren't guessing if it's this patch, that patch, etc etc.

Not saying that Matthias works for such a VAR, but such companies definitely exist.

--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!