Re: Andres Freund > > Yes. Also, none of this has addressed my complaint about the extent > > of the build and install dependencies. Yes, simply not selecting > > --with-libcurl removes the problem ... but most packagers are under > > very heavy pressure to enable all features of a package.
And this feature is kind of only useful if it's available anywhere. If only half of your clients are able to use SSO, you'd probably stick with passwords anyway. So it needs to be enabled by default. > How about we provide the current libpq.so without linking to curl and also a > libpq-oauth.so that has curl support? If we do it right libpq-oauth.so would > itself link to libpq.so, making libpq-oauth.so a fairly small library. > > That way packagers can split libpq-oauth.so into a separate package, while > still just building once. That's definitely a good plan. The blast radius of build dependencies isn't really a problem, the install/run-time is. Perhaps we could do the same with libldap and libgssapi? (Though admittedly I have never seen any complaints or nagging questions from security people about these.) Christoph
