Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1vFC7k-008ycU-LU for pgsql-general@arkaria.postgresql.org; Sat, 01 Nov 2025 13:58:31 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1vFC7j-005ONB-4x for pgsql-general@arkaria.postgresql.org; Sat, 01 Nov 2025 13:58:30 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1vFC7i-005ON3-Kb for pgsql-general@lists.postgresql.org; Sat, 01 Nov 2025 13:58:29 +0000 Received: from momjian.us ([72.94.173.45]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vFC7e-004u68-39 for pgsql-general@postgresql.org; Sat, 01 Nov 2025 13:58:28 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=momjian.us; s=2025010100; h=In-Reply-To:Content-Transfer-Encoding:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-ID:Content-Description; bh=eGVCLS6J2SmOE7Q17qzEnTCpsg95IHT43+KZkMZWm7s=; b=ZJf+Zp2kr+atb60rrwW28s2gVT Ij0gMTM3jAUbZgyuqf++MGfbakySH+qiYl9b/Dz9F/JEInSsY4SKiyX25GArP+aTlO79Uhu8smfL5 AoaJwPv6Swe75oLLG6jp5xENLfofOv/io+nawc4tGr6SYdtTCC4HQ+b4DEMVQ2Cp50x3R7YyXQW83 LS8FJzTRpkgiHEl7iQtAW+E+cfI5EKY5xaLCkanIe2zVWE1nexOvRbH4Zdng4U6z9UwZCRa/mVYWT fSdUpJkhivAcNfS+XJzCFAjcN/GCZsiQW1rwciG0OGcOySEXJVsGpGAqNQV1m+t221HIxawo8LbYG EdkU2fAQ==; Received: from bruce by momjian.us with local (Exim 4.98.2) (envelope-from ) id 1vFC7c-0000000Fa9f-44RD; Sat, 01 Nov 2025 09:58:24 -0400 Date: Sat, 1 Nov 2025 09:58:24 -0400 From: Bruce Momjian To: Kai Wagner Cc: Chris Travers , Christophe Pettus , "Clay Jackson (cjackson)" , pgsql-general , Laurenz Albe , Ron Johnson Subject: Re: Enquiry about TDE with PgSQL Message-ID: References: <3DC589BC-A5F6-49BC-BFFC-F1FCB0FF7E95@thebuild.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Sat, Nov 1, 2025 at 08:34:57AM +0100, Kai Wagner wrote: > I wholeheartedly agree, as in this thread we are trying to do the same thing > again, that has already happened all they years before. We lose ourselves in > technical reasons, wondering why this makes no sense and how it could be > achieved differently, but we forget that we live in a vacuum and bubble here.  > The auditor, most of the time (as I've seen many times), has no knowledge of > these technical aspects. It's a box to check, with a simple 'yes' or 'no'. They > don't even wanna hear any "but this also satisfies it, as this isn't clearly > stated and worded in the standard". This doesn't get us anywhere anymore; they > will not put their checkbox there if there is no simple answer to it. > > @Bruce Momjian I totally understand your frustration from previous times and > also your point of view, that's absolutely valid, no doubt about that. The time > has changed over the course of the last 5+ years, and maybe it is time to > reconsider. Just because it didn't succeed last time doesn't mean we have to > end up in the same spot this time. We discussed it at length, and I am > committed to supporting and making happen what's necessary to get TDE fully > functional with postgres directly. The way of the implementation is a different > question. Who from the former times, or maybe even now, being interested in the > topic, would be open for a TDE group, to technically discuss options, > possibilities etc. that we can POC on and share for further feedback?! Without the calculus of feature value vs code overhead changing, talking isn't going to accomplish anything. My patch was already very small for shared buffers, and the WAL code would have been small, but the code weight of encrypting temporary files wasn't justified by the community, and I couldn't argue against that conclusion. Crunchy had someone working on restructuring temporary file writes to make it easier, but they were unsuccessful. Maybe the posted temporary file compression patch will help reduce the code weight. If you want to move forward with TDE without waiting to see if the temporary file compression patch will reduce the TDE code impact, you need to dig into how the community does feature calculus and how that calculus can be changed --- this is not something technology can fix. Companies are willing to add the code weight because it is a sale for them, and customers are willing to pay to meet the check box --- that calculus just doesn't work in the community. -- Bruce Momjian https://momjian.us EDB https://enterprisedb.com Do not let urgent matters crowd out time for investment in the future.