Subject: Re: 'Bad file descriptor: dup2( 1, 2 )' error on MacOS CI tasks
From: Daniel Gustafsson
Date: Wed, 1 Apr 2026 17:49:15 +0200
Cc: Andres Freund, Nazir Bilal Yavuz, PostgreSQL Hackers, Tom Lane, Noah Misch
To: Jacob Champion

> On 1 Apr 2026, at 17:36, Jacob Champion wrote:
>
> On Wed, Apr 1, 2026 at 6:58 AM Andres Freund wrote:
>> I'm afraid the guy maintaining both IPC::Run [1] and IO::Tty has gone all in on AI
>> authored code. Both IPC::Run and IO::Tty have seen more merges in the last
>> week than in the 5 years before. Stuff getting merged left and right, with
>> failing tests to boot.
>>
>> If I wanted to do a supply chain attack on postgres, this would be the
>> way. Hijack IPC::Run, edit the commits locally on a committers machine before
>> push, to add a backdoor, celebrate.
>
> I did consider locking the exact version of IPC::Run during the NetBSD
> flake debacle [1], but abandoned it after the cross-platform pain... I
> believed signature verification was "good enough" at the time. Should
> we reconsider?

I think it makes sense to pin the versions of these modules, I personally
have them like that on my system to avoid surprises from package upgrades.

--
Daniel Gustafsson