Tom Lane said: > I wrote: >>> [ concerning a discussion about Kerberos' com_err.h being in >>> /usr/include/et/ on some systems ] > >> Actually, I'm wondering why we directly include com_err.h at all. At >> least in the version of <krb5.h> I have here, that file is included by >> krb5.h; so both backend/libpq/auth.c and interfaces/libpq/fe-auth.c >> compile just fine with #include <com_err.h> diked out. > > After some digging in dusty old tarballs, I have learned that Kerberos > 5 releases 1.0.* did indeed require a separate #include of com_err.h, > but in releases 1.1 and later krb5.h itself includes com_err.h and so > there's no need for a separate #include. > > Kerberos 5 1.0.* includes serious known, never-patched vulnerabilities. > I can't believe that anyone is going to build PG 8.0 with krb5 1.0, or > that we need to be complicit in their trying to do so. > > Accordingly, I think we should just avoid the whole problem of exactly > where com_err.h lives by removing the #includes for it as well as the > configure test for it. >
Works for me. I'm not sure why the reasoning only applies to 8.0 - is it a case of the 'only fix serious bugs in stable releases' rule? cheers andrew ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
