Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tSfSL-000dXx-7y for pgsql-hackers@arkaria.postgresql.org; Tue, 31 Dec 2024 16:50:57 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tSfSJ-003v4a-Sv for pgsql-hackers@arkaria.postgresql.org; Tue, 31 Dec 2024 16:50:55 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tSfSJ-003v4S-HA for pgsql-hackers@lists.postgresql.org; Tue, 31 Dec 2024 16:50:55 +0000 Received: from momjian.us ([72.94.173.45]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tSfSB-002XAe-UQ for pgsql-hackers@lists.postgresql.org; Tue, 31 Dec 2024 16:50:54 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=momjian.us; s=2024011501; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description; bh=7BfkTxH6u0I9lt3FBSSzyBdWtem0LxaUxOdxNMNeqyk=; b=YuUm4 SiFcOXe7zt2djrf/ySQfAekoqVD2sUm+xNuf+Cu55EPENj60aWmdiEU5WvMS0PdFZU+BCLFCVfcHK OdrSoKtAA/ISB4btvi140sosvg05dxPSoYclV2zXp6vtpyISXOcntUgaXHHMfXJklB8BqHVay+ni4 b8M9xL5K/tHRcsR+Pijd/q0dka0k24Wpj9Cs3EzHNvsRUIPr+JiitLR5ePagOTwX5gBh2Go1P4uJJ amW7QcAHdpSdWnf/XHcG358tfZ3alelPEUu0nV6FlgBERRDzyYvreE3VAmVD2d10Es4ZXvffhDJey jVZ1Y3K3ielzeTtpGE71Y8q/ZOsnA==; Received: from bruce by momjian.us with local (Exim 4.96) (envelope-from ) id 1tSfS9-009hLu-0i; Tue, 31 Dec 2024 11:50:45 -0500 Date: Tue, 31 Dec 2024 11:50:45 -0500 From: Bruce Momjian To: Christoph Berg Cc: Michael Paquier , Tom Lane , Roberto =?utf-8?B?Qy4gU8OhbmNoZXo=?= , pgsql-hackers@lists.postgresql.org Subject: Re: Backport of CVE-2024-10978 fix to older pgsql versions (11, 9.6, and 9.4) Message-ID: References: <3999105.1735610459@sss.pgh.pa.us> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Tue, Dec 31, 2024 at 10:50:10AM +0100, Christoph Berg wrote: > > Maybe, if we were doing an only-critical-fixes LTS release series, > > it'd be easier for downstream outfits to consume that instead of > > cherry-picking security fixes. I'm just speculating though. > > It's entirely possible that packagers would ignore our opinions > > and keep on cherry-picking only security fixes, in which case > > we'd be doing a lot of work for little return. > > ... if there were a PostgreSQL LTS series, Debian would probably use it. > > Overall, I think the current 5-year support window is good enough. > I don't see PostgreSQL supporting 10 years, so ELTS efforts will > always have to do some patching on their own. Thanks, that was very helpful. -- Bruce Momjian https://momjian.us EDB https://enterprisedb.com Do not let urgent matters crowd out time for investment in the future.