Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tv2ZX-00GD21-9A for pgsql-hackers@arkaria.postgresql.org; Wed, 19 Mar 2025 23:11:39 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tv2ZV-00DT08-W8 for pgsql-hackers@arkaria.postgresql.org; Wed, 19 Mar 2025 23:11:37 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tv2ZV-00DSzz-KV for pgsql-hackers@lists.postgresql.org; Wed, 19 Mar 2025 23:11:37 +0000 Received: from momjian.us ([72.94.173.45]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1tv2ZT-000151-10 for pgsql-hackers@postgresql.org; Wed, 19 Mar 2025 23:11:37 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=momjian.us; s=2025010100; h=In-Reply-To:Content-Transfer-Encoding:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-ID:Content-Description; bh=m/csxZ6q3drJ5ny95Oj3I81VBbhkj1KDdAZ0rpwUJUE=; b=WktM46+ahMioSgabWc9IS0OP5g 584Y8JGnV1SaPzmk7V/JyMWhu0NiETytWGlOhXAKAYkYtYPrfSN81ggXlpQPFa6z+TFIkWYNcFBry f9BrRJznd/nlfifFycr4NjwFlo/uzHPF5gBz0pI6FZJuADoE3NwmIpy1chsb6TV7vIj+4zT0ZSTDr FL04b+nvUtw+r62lSR7qcmbJi3K1u9mcDvlNtZXiiftVrQX7RAwmgkbspxl4hfLcd9TmQ92yogWrd R3xM9tM/oWGuAOuknDE1Wj2pzoMdyboF0bxHpNkHgatITZXnvMzv+bx3k1FyYnP22TH+50/1dBW0H dfM8gOyw==; Received: from bruce by momjian.us with local (Exim 4.96) (envelope-from ) id 1tv2ZM-007gVq-22; Wed, 19 Mar 2025 19:11:28 -0400 Date: Wed, 19 Mar 2025 19:11:28 -0400 From: Bruce Momjian To: Thomas Munro Cc: Tom Lane , Daniel Gustafsson , Jacob Champion , Nazir Bilal Yavuz , Andres Freund , Peter Eisentraut , Antonin Houska , PostgreSQL Hackers Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER Message-ID: References: <636879.1742357835@sss.pgh.pa.us> <641687.1742360249@sss.pgh.pa.us> <827519.1742422763@sss.pgh.pa.us> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Thu, Mar 20, 2025 at 11:28:50AM +1300, Thomas Munro wrote: > On Thu, Mar 20, 2025 at 11:19 AM Tom Lane wrote: > > Thomas Munro writes: > > > It would increase the build dependencies, assuming a package > > > maintainer wants to enable as many features as possible, but it would > > > *not* increase the 'package requires' footprint, merely the 'package > > > suggests' footprint (as Debian calls it), and it's up to the user > > > whether they install suggested extra packages, no? > > > > Maybe I'm confused, but what I saw was a hard dependency on libcurl, > > as well as several of its dependencies: > > > I don't think that will be satisfied by 'package suggests'. > > Even if it somehow manages to load, the result of trying to > > use OAuth would be a segfault rather than any useful message. > > I was imagining that it would just error out if you try to use that > stuff and it fails to open libcurl. Then it's up to end users: if > they want to use libpq + OAuth, they have to install both libpq5 and > libcurl packages, and if they don't their connections will just fail, > presumably with some error message explaining why. Or something like > that... Am I understanding that curl is being used just to honor the RFC and it is only for testing? That seems like a small reason to add such a dependency. -- Bruce Momjian https://momjian.us EDB https://enterprisedb.com Do not let urgent matters crowd out time for investment in the future.