Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1tqAOi-000UoZ-KZ
	for pgsql-general@arkaria.postgresql.org; Thu, 06 Mar 2025 12:32:20 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1tqAOg-009whf-Us
	for pgsql-general@arkaria.postgresql.org; Thu, 06 Mar 2025 12:32:18 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <laurenz.albe@cybertec.at>)
	id 1tqAOg-009whI-IQ
	for pgsql-general@lists.postgresql.org; Thu, 06 Mar 2025 12:32:18 +0000
Received: from mail-ej1-x631.google.com ([2a00:1450:4864:20::631])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <laurenz.albe@cybertec.at>)
	id 1tqAOe-001IT3-2S
	for pgsql-general@lists.postgresql.org;
	Thu, 06 Mar 2025 12:32:17 +0000
Received: by mail-ej1-x631.google.com with SMTP id a640c23a62f3a-abf45d8db04so89435266b.1
        for <pgsql-general@lists.postgresql.org>; Thu, 06 Mar 2025 04:32:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=cybertec.at; s=google; t=1741264335; x=1741869135; darn=lists.postgresql.org;
        h=mime-version:user-agent:content-transfer-encoding:references
         :in-reply-to:date:to:from:subject:message-id:from:to:cc:subject:date
         :message-id:reply-to;
        bh=/OS/VzIr/U38KAjbceB1x68gOhn5hSOQ+AWslaEExmM=;
        b=bNtiMeky6Y3A4Bw0GmgrCYL53TVgzuWC5yLzAh4HU7tIIy3ZzEIQ8OOvQc/FzmI8tb
         ewkbCCtcbfdWtpTC8wA8t0jpzVXAAbmQa0yf94dyEj312GrWOJfHuf70eGwM1b34RX+P
         UAojsGA390vTMasAwY2ipuPr4EyE4MUsLh9ZkFxjiI8DfvVBsVlHGaJi6rs8BVroLxEI
         Iz7QUpBMMKYauiIcjinTFCn+JCKVm40LftBOQdTi+xYCRtGbwvjezO/r2GYAaFXD5Yg4
         pZT7LOxSGZlc7ffYcOfsX8gydGEUsNuC+uJziRVij0YsvCmyBJBscxKm3HAaxHFWI+rI
         F5GA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1741264335; x=1741869135;
        h=mime-version:user-agent:content-transfer-encoding:references
         :in-reply-to:date:to:from:subject:message-id:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=/OS/VzIr/U38KAjbceB1x68gOhn5hSOQ+AWslaEExmM=;
        b=g9bNj+sX9eOrrGQPQ8yN3e1+n1JQD85AMmYnZfBKP63EoszRBGdqZKakfEoP5ndzLl
         /nr/Wt2urfXaUrEtiwlSjqLz0EyMk+ReMCnJIJ/m0dzgAHLX0/G3WkcO0QAifEMH0MIc
         KZQbWPPw9o4DYo6WAj8/+nnKSVns2/SkOOJirwJeoO8MGBD0bFateRsIX7T1aPN7ihuF
         8E7v4TF+8jTLs89NEob7KwSG/BwT0LaiGGKnskcDwjD6W3gI3YbvscSKXLfqqNhEZtu3
         MqFKGKH/OhR7rjCRbkUOn8qf+uVx3ypHfUmpLhjwK7cEIj8OUHJYXGPxKQMJrBYZRmAx
         9EtA==
X-Forwarded-Encrypted: i=1; AJvYcCVlcnnhUeSXkaHePjdGDXcHeOWrdTeHoQNnydu4w9BtabxTy+wjLT0lKpXHxCDcNbEkjSDKZJmiEplGcYPB@lists.postgresql.org
X-Gm-Message-State: AOJu0YzAr/A41OhsSZbwMXIvpIybrD6twtZ/7KdSCX49kJslD5n/HmFj
	doI7Dg1XNWYY3LirDTJVFn9Fa+imW4smutvSqEZu4YL31XodaI5tRjeoRA2iBxs=
X-Gm-Gg: ASbGncs/MznloRiRCrmdjbXjNLLp+UVQko9q2LSduy35FYbXX2cKIAGN9+ftK3w4xHx
	Iu2a+BqQBcFj+kni6H+11DCb+TS6h9QiIs9fJ2yiQmhJ2NpJsc+raCWHsu0N4y+jAnL5qhAsR3a
	JKCkQWRsuTMAwD6eJ/eqq0Zp2ex4CDZgD2kmLchydSAT/XTnLvY3A38yCmu245zxraa9lKDcRgV
	C46N1haCU1K9Tu/lRQ1JzYiEMePIOSfF2wee8q4uQ+7rjbN7Lj2LEzVNoAn3Tj0dYtTtEAWBtdL
	nvEPovP78QeeG7wtI0y/eUu5L0GLBo90eWA25JgfqHGBdBAhCdUWr+M5n1eR/g==
X-Google-Smtp-Source: AGHT+IFqe0NYPdqal3unI5Yrr10vSlPIkNmRRDhVVx5D6s/QHCv4s8L/Yas6QdQiCvqKm3dwpcffMQ==
X-Received: by 2002:a17:907:94c8:b0:abf:44bd:8326 with SMTP id a640c23a62f3a-ac20d8bce29mr669964966b.17.1741264335452;
        Thu, 06 Mar 2025 04:32:15 -0800 (PST)
Received: from localhost.localdomain ([2001:871:5e:b59d:48a2:d9:55d2:155c])
        by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ac23973a98fsm88286666b.88.2025.03.06.04.32.14
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 06 Mar 2025 04:32:15 -0800 (PST)
Message-ID: <a141ae990b72eadcdbcf79efaa268ac5696f7bdb.camel@cybertec.at>
Subject: Re: [EXTERNAL] Re: Asking for OK for a nasty trick to resolve PG
 CVE-2025-1094 i
From: Laurenz Albe <laurenz.albe@cybertec.at>
To: "Abraham, Danny" <danny_abraham@bmc.com>, 
 "pgsql-general@lists.postgresql.org"
	 <pgsql-general@lists.postgresql.org>
Date: Thu, 06 Mar 2025 13:32:14 +0100
In-Reply-To: <14fc085b-1d48-4bc0-9d44-1d11507c0ded@bmc.com>
References: 
	<SA1PR02MB969837F0BEDE8CD64AE703958ECA2@SA1PR02MB9698.namprd02.prod.outlook.com>
	 <b76f0f54cbf8bd4ebe84eecea44168f23fcc2074.camel@cybertec.at>
	 <14fc085b-1d48-4bc0-9d44-1d11507c0ded@bmc.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.54.3 (3.54.3-1.fc41) 
MIME-Version: 1.0
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/a141ae990b72eadcdbcf79efaa268ac5696f7bdb.camel%40cybertec.at>
Precedence: bulk

On Thu, 2025-03-06 at 09:33 +0000, Abraham, Danny wrote:
> We have hundreds of pg servers (mainly linux).=20
> App is 7=C3=9724.=20
> We think that patching the server to 15.12.will cost about 30 times
> more compared to patching the pg client ( mainly qa effort).

I don't think so.  Don't do any QA when installing a PostgreSQL patch
(just roll it out on the test systems first to see if your installation
procedure works).

Down time because of data corruption will cost *way* more than patching.

Yours,
Laurenz Albe