On Mon, Oct 17, 2016 at 2:14 PM, Tom Lane <t...@sss.pgh.pa.us> wrote:
> But in general, I think that being this picky about cancel keys on systems
> that are too old to have /dev/random is not really helpful to anybody.
> I don't recall any reports of anyone ever having a DOS situation from
> weak cancel keys. It's fine to upgrade our practice where it's convenient
> to do that, but taking away functionality on systems where it's not
> convenient isn't improving anyone's life.

Right. I strongly agree with that. If somebody's running on a platform where they don't have a good source of entropy, they are clearly going to still want query cancel to work. They are not going to want ^C to start doing nothing, and they are *definitely* not going to want PostgreSQL to fail to compile and/or start. pgcrypto is a different situation, but I think it's just crazy to say that the problems with cancel keys are so bad that we should just refuse to run at all. Anyone who is in this situation has this problem not just with PostgreSQL but with everything on their system that wishes it had cryptographically strong random numbers, which is probably quite a bit of stuff. We shouldn't take the position that a machine without a good PRNG is a brick. They just have to accept that random number generation will be weaker not only for PostgreSQL but for any software whatever that they run on that machine.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company