public inbox for [email protected]
help / color / mirror / Atom feedFrom: Bruce Momjian <[email protected]>
To: Daniel Gustafsson <[email protected]>
Cc: Jacob Champion <[email protected]>
Cc: Wolfgang Walther <[email protected]>
Cc: Christoph Berg <[email protected]>
Cc: Andres Freund <[email protected]>
Cc: Peter Eisentraut <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Cc: Thomas Munro <[email protected]>
Cc: Nazir Bilal Yavuz <[email protected]>
Cc: Antonin Houska <[email protected]>
Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER
Date: Tue, 8 Apr 2025 12:48:15 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <CAOYmi+kt5UvPOXXXT9w_nHBNgcqiTQWS2j=D9qJaewvmO4iaAg@mail.gmail.com>
<CAOYmi+m2-2TH5AP7-8Knm_gcSiEaZVPGeUkfZeCLmYH395MYgA@mail.gmail.com>
<[email protected]>
<[email protected]>
<CAOYmi+mrYnuwMEnpYWA4FWFtDCe4rMKavDrKQPpV43u=zmR8Xg@mail.gmail.com>
<[email protected]>
<[email protected]>
<CAOYmi+mVzY5SXGeRNW+JMK-nJaX_2QL9Y6PnJOL6uhJk+YfHSA@mail.gmail.com>
<[email protected]>
<[email protected]>
On Tue, Apr 8, 2025 at 06:42:19PM +0200, Daniel Gustafsson wrote:
> > On 8 Apr 2025, at 18:33, Bruce Momjian <[email protected]> wrote:
>
> > Would we have to put out minor releases for curl CVEs? I don't think we
> > have to for OpenSSL so would curl be the same?
>
> Why do you envision this being different from all other dependencies we have?
> For OpenSSL we also happily build against a version (and until recently,
> several versions) which is EOL and don't even receive security fixes.
I don't know. I know people scan our downloads and report when the
scanners detect something, but I am unclear what those scanners are
doing. Would they see some new risks with curl?
--
Bruce Momjian <[email protected]> https://momjian.us
EDB https://enterprisedb.com
Do not let urgent matters crowd out time for investment in the future.
view thread (199+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox