Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u2CGK-00EWXg-6p for pgsql-hackers@arkaria.postgresql.org; Tue, 08 Apr 2025 16:57:24 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1u2CGH-00CCGl-VR for pgsql-hackers@arkaria.postgresql.org; Tue, 08 Apr 2025 16:57:22 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u2CGH-00CCFl-Kz for pgsql-hackers@lists.postgresql.org; Tue, 08 Apr 2025 16:57:21 +0000 Received: from dd25110.kasserver.com ([85.13.146.49]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1u2CGF-004Ae6-2n for pgsql-hackers@postgresql.org; Tue, 08 Apr 2025 16:57:21 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=technowledgy.de; s=kas202308201259; t=1744131439; bh=9MbRHhqL8igfEHWuhNw7lATHHaS6lEw3hwoZnA2yRug=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=PVEUM9As4OF8UJoNUMN1LKwmCpLvwV06V+yO8C/+qlOuYQ/bJuWGNkUxLWhhBbpNA P/1J4dBGq2bU/GByJduqyjVbm2+FnvGF4fb0BTQ13V49Vp8qnPp6eqhR4eL8/0SZ3o JmnvldyVlNvNlatflqUG3tM85sXv/aJpkTqdMopJXmKW1eQeaC0SP6Ilj6raxhawWK iF52p0khl97+azLnDfjjtQ1uNV1N1XKN67+MGAPYYoIO2mF7NhcjNgXVU1YedS8QM2 +dA0eJnXlYEJKu0CsnvQA19+IwYwgraEbCs8iD51fcraSLzVT1HRXhn0hQvXdNsO4f 7W+7cgAwhLzjg== Received: from [192.168.0.102] (ip-037-201-153-223.um10.pools.vodafone-ip.de [37.201.153.223]) by dd25110.kasserver.com (Postfix) with ESMTPSA id F0408E1A01B8; Tue, 8 Apr 2025 18:57:18 +0200 (CEST) Message-ID: <18f84e6a-41cf-4313-8bea-6007868dd05a@technowledgy.de> Date: Tue, 8 Apr 2025 18:57:18 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER Content-Language: en-US To: Jacob Champion Cc: Bruce Momjian , Daniel Gustafsson , Christoph Berg , Andres Freund , Peter Eisentraut , Tom Lane , PostgreSQL Hackers , Thomas Munro , Nazir Bilal Yavuz , Antonin Houska References: <5bec3d4f-613f-425b-88c4-59e71c70f7d6@eisentraut.org> <96b5b38b-2fac-409f-b922-f7fd653bf847@technowledgy.de> From: Wolfgang Walther In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spamd-Bar: + List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Jacob Champion: > On Tue, Apr 8, 2025 at 9:32 AM Wolfgang Walther wrote: >> And that should also not be a problem for distributions - they could offer a libpq and a libpq_oauth package, where only one of them can be installed at the same time, I guess? * > My outsider understanding is that maintaining this sort of thing > becomes a major headache, because of combinatorics. You don't really > want to ship a libpq and libpq-with-gss and libpq-with-oauth and > libpq-with-oauth-and-gss and ... That would only be the case, if you were to consider those other dependencies as "dangerous" as cURL. But we already depend on them. So if it's really the case that cURL is that much worse, that we consider loading it as a module... then the combinatorics should not be a problem either. However, if the other deps are considered problematic as well, then the ship has already sailed, and there is not point for a special case here anymore. Best, Wolfgang