Re: longfin missing gssapi_ext.h

2023-04-11 Thread Stephen Frost
Greetings, * Justin Pryzby (pry...@telsasoft.com) wrote: > > configure | 27 ++ > > configure.ac | 2 + > > Does meson.build need the corresponding change ? Ah, yes, presumably. Something like the attached? Thanks,

Re: longfin missing gssapi_ext.h

2023-04-11 Thread Stephen Frost
Greetings, * Jonathan S. Katz (jk...@postgresql.org) wrote: > On 4/10/23 11:37 AM, Tom Lane wrote: > > Stephen Frost writes: > > > * Tom Lane (t...@sss.pgh.pa.us) wrote: > > > > IOW, maybe it'd be okay to de-revert 3d4fa227b and add documentation

Re: longfin missing gssapi_ext.h

2023-04-10 Thread Stephen Frost
Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost writes: > > Yeah, I wouldn't be the least bit surprised if many folks running > > FreeBSD with any interest in Kerberos have MIT Kerberos installed given > > that Heimdal doesn't seem to be under any k

Re: longfin missing gssapi_ext.h

2023-04-10 Thread Stephen Frost
Greetings, * Thomas Munro (thomas.mu...@gmail.com) wrote: > On Sun, Apr 9, 2023 at 6:40 AM Tom Lane wrote: > > The exact same thing applies to FreeBSD, except that their in-core > > Heimdal is ancient (1.5.2). Also, they do have MIT Kerberos > > available as a package [1]. I'd been misled by

Re: longfin missing gssapi_ext.h

2023-04-08 Thread Stephen Frost
Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost writes: > > I suspected there would be an issue with OSX but hadn't expected an > > issue with NetBSD. I had tested this across a few Linux platforms and > > cfbot showed it wasn't causing issues on Win

Re: longfin missing gssapi_ext.h

2023-04-08 Thread Stephen Frost
Greetings, * Andres Freund (and...@anarazel.de) wrote: > On 2023-04-07 22:50:18 -0400, Tom Lane wrote: > > Or should credential delegation be viewed as an incremental feature that we > > can support or not? > > That seems like the best way forward here. Yeah, that's certainly doable too, though

Re: longfin missing gssapi_ext.h

2023-04-08 Thread Stephen Frost
Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost writes: > > I'm open to considering support for older versions, however ... > > NetBSD 9.3, which is their *latest production release*, doesn't have > gssapi_ext.h [1]. For that matter, it doesn't look li

Re: longfin missing gssapi_ext.h

2023-04-07 Thread Stephen Frost
Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost writes: > > Looks like buildfarm animal hake, at least, has a version recent enough > > to have gssapi_ext.h ... but still older than 1.11 and therefore > > doesn't have the type gss_key_value_element_d

Re: longfin missing gssapi_ext.h

2023-04-07 Thread Stephen Frost
Greetings, * Stephen Frost (sfr...@snowman.net) wrote: > * Tom Lane (t...@sss.pgh.pa.us) wrote: > > Stephen Frost writes: > > > * Tom Lane (t...@sss.pgh.pa.us) wrote: > > >> It's whatever Apple is shipping, or was shipping last year or so. > > >

Re: longfin missing gssapi_ext.h

2023-04-07 Thread Stephen Frost
Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost writes: > > * Tom Lane (t...@sss.pgh.pa.us) wrote: > >> It's whatever Apple is shipping, or was shipping last year or so. > > > Sadly they've not been maintaining the Kerberos libraries at all on >

Re: longfin missing gssapi_ext.h

2023-04-07 Thread Stephen Frost
Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost writes: > > Looks like longfin has a particularly old Kerberos/GSSAPI installation > > on it > > It's whatever Apple is shipping, or was shipping last year or so. Sadly they've not been maintaining the Kerb

longfin missing gssapi_ext.h

2023-04-07 Thread Stephen Frost
Greetings, Looks like longfin has a particularly old Kerberos/GSSAPI installation on it which pre-dates MIT release 1.11 from circa 2012 and is missing gssapi_ext.h, causing the recently committed patch to add Kerberos credential delegation to fail to build. I'm inclined to update our configure

Re: Kerberos delegation support in libpq and postgres_fdw

2023-04-07 Thread Stephen Frost
Greetings, * Stephen Frost (sfr...@snowman.net) wrote: > * Stephen Frost (sfr...@snowman.net) wrote: > > * David Christensen (da...@pgguru.net) wrote: > > > Ok, based on the interdiff there, I'm happy with that last change. > > > Marking > > > as Ready F

Re: Kerberos delegation support in libpq and postgres_fdw

2023-04-07 Thread Stephen Frost
Greetings, * Stephen Frost (sfr...@snowman.net) wrote: > * David Christensen (da...@pgguru.net) wrote: > > Ok, based on the interdiff there, I'm happy with that last change. Marking > > as Ready For Committer. > > Great, thanks! > > I'm going to go through it again m

Re: Kerberos delegation support in libpq and postgres_fdw

2023-04-07 Thread Stephen Frost
Greetings, * David Christensen (da...@pgguru.net) wrote: > Ok, based on the interdiff there, I'm happy with that last change. Marking > as Ready For Committer. Great, thanks! I'm going to go through it again myself but I feel reasonably good about it and if nothing else pops and there aren't

Re: Disable rdns for Kerberos tests

2023-04-07 Thread Stephen Frost
Greetings, * Stephen Frost (sfr...@snowman.net) wrote: > * Tom Lane (t...@sss.pgh.pa.us) wrote: > > Stephen Frost writes: > > > Push, thanks again! > > > > Why'd you only change HEAD? Isn't the test equally fragile in the > > back branches? > > Fo

Re: Disable rdns for Kerberos tests

2023-04-07 Thread Stephen Frost
Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost writes: > > Push, thanks again! > > Why'd you only change HEAD? Isn't the test equally fragile in the > back branches? Back-patched. Thanks! Stephen

Re: Kerberos delegation support in libpq and postgres_fdw

2023-04-07 Thread Stephen Frost
doesn't have user mappings at all really) so it doesn't have something similar. Updated patch attached. Thanks! Stephen From 87642bc75e7d4f3d986d4f100e6ee00711155bc7 Mon Sep 17 00:00:00 2001 From: Stephen Frost Date: Mon, 28 Feb 2022 20:17:55 -0500 Subject: [PATCH] Add support for Kerber

Re: Kerberos delegation support in libpq and postgres_fdw

2023-04-07 Thread Stephen Frost
Greetings, * David Christensen (da...@pgguru.net) wrote: > On Wed, Apr 5, 2023 at 3:30 PM Stephen Frost wrote: > > Per GSS docs, seems like we should be comparing to GSS_C_NO_CREDENTIAL > > and validating that the gflags has the `deleg_flag` bit set before > > considering wh

Re: Kerberos delegation support in libpq and postgres_fdw

2023-04-05 Thread Stephen Frost
d. The server is configured at this point to not accept encrypted connections (the pg_hba.conf has only: local all test2 scram-sha-256 hostnogssenc all all $hostaddr/32 gss map=mymap in it). Updated the test descriptions. > Also looks like later tests are explicitly testing w/gssencmode=require so > maki

Re: Disable rdns for Kerberos tests

2023-04-05 Thread Stephen Frost
Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost writes: > > Push, thanks again! > > Why'd you only change HEAD? Isn't the test equally fragile in the > back branches? Following on from this after some additional cross-platform testing, turns out there'

Re: Transparent column encryption

2023-03-30 Thread Stephen Frost
Greetings, * Andres Freund (and...@anarazel.de) wrote: > On 2023-03-30 16:01:46 +0200, Peter Eisentraut wrote: > > On 30.03.23 03:29, Andres Freund wrote: > > > > One might think that, but the precedent in other equivalent systems is > > > > that > > > > you reference the key and the algorithm

Re: postgres_fdw, dblink, and CREATE SUBSCRIPTION security

2023-03-30 Thread Stephen Frost
Greetings, * Jacob Champion (jchamp...@timescale.com) wrote: > On 3/20/23 09:32, Robert Haas wrote: > > I think this is the root of our disagreement. > > Agreed. I've read all the way back to the $SUBJECT change to try and get an understanding of the questions here and it's not been easy, in

Re: Kerberos delegation support in libpq and postgres_fdw

2023-03-28 Thread Stephen Frost
Greetings, * Stephen Frost (sfr...@snowman.net) wrote: > * Greg Stark (st...@mit.edu) wrote: > > The CFBot says there's a function be_gssapi_get_proxy() which is > > undefined. Presumably this is a missing #ifdef or a definition that > > should be outside an #ifdef.

Re: Moving forward with TDE

2023-03-27 Thread Stephen Frost
Greetings, On Mon, Mar 27, 2023 at 21:35 Bruce Momjian wrote: > On Tue, Mar 28, 2023 at 02:03:50AM +0200, Stephen Frost wrote: > > The remote storage is certainly an independent system. Multi-mount LUNs > are > > entirely possible in a SAN (and absolutely with NFS, or jus

Re: Moving forward with TDE

2023-03-27 Thread Stephen Frost
Greetings, On Mon, Mar 27, 2023 at 19:19 Bruce Momjian wrote: > On Tue, Mar 28, 2023 at 12:57:42AM +0200, Stephen Frost wrote: > > I consider the operating system and its processes as much more of a > > single entity than TLS over a network. > > > > Thi

Re: Moving forward with TDE

2023-03-27 Thread Stephen Frost
Greetings, On Mon, Mar 27, 2023 at 18:17 Bruce Momjian wrote: > On Tue, Mar 28, 2023 at 12:01:56AM +0200, Stephen Frost wrote: > > Greetings, > > > > On Mon, Mar 27, 2023 at 12:38 Bruce Momjian wrote: > > > > On Wed, Mar 8, 2023 at 04:25:04PM -0500, Step

Re: Moving forward with TDE

2023-03-27 Thread Stephen Frost
Greetings, On Mon, Mar 27, 2023 at 12:38 Bruce Momjian wrote: > On Wed, Mar 8, 2023 at 04:25:04PM -0500, Stephen Frost wrote: > > Agreed, though the latest efforts include an option for *authenticated* > > encryption as well as unauthenticated. That makes it much more

Re: Kerberos delegation support in libpq and postgres_fdw

2023-03-26 Thread Stephen Frost
attached. Thanks! Stephen From 450a8749d04af54e8214a2ab357fbec7849a485b Mon Sep 17 00:00:00 2001 From: Stephen Frost Date: Mon, 28 Feb 2022 20:17:55 -0500 Subject: [PATCH] Add support for Kerberos credential delegation Support GSSAPI/Kerberos credentials being delegated to the server by

Re: Kerberos delegation support in libpq and postgres_fdw

2023-03-20 Thread Stephen Frost
Greetings, * Stephen Frost (sfr...@snowman.net) wrote: > * Michael Paquier (mich...@paquier.xyz) wrote: > > On Mon, Sep 19, 2022 at 02:05:39PM -0700, Jacob Champion wrote: > > > It's not prevented, because a password is being used. In my tests I'm > > > connect

Re: Improve logging when using Huge Pages

2023-03-13 Thread Stephen Frost
Greetings, On Mon, Mar 13, 2023 at 21:03 Justin Pryzby wrote: > On Thu, Mar 09, 2023 at 03:02:29PM -0500, Stephen Frost wrote: > > * Justin Pryzby (pry...@telsasoft.com) wrote: > > > On Thu, Mar 09, 2023 at 09:34:10AM -0500, Stephen Frost wrote: > > > >

Re: Sub-millisecond [autovacuum_]vacuum_cost_delay broken

2023-03-09 Thread Stephen Frost
Greetings, * Thomas Munro (thomas.mu...@gmail.com) wrote: > On Fri, Mar 10, 2023 at 10:26 AM Melanie Plageman > wrote: > > I think that 4753ef37e0ed undid the work caf626b2c did to support > > sub-millisecond delays for vacuum and autovacuum. > > > > After 4753ef37e0ed, vacuum_delay_point()'s

Re: Improve logging when using Huge Pages

2023-03-09 Thread Stephen Frost
Greetings, * Alvaro Herrera (alvhe...@alvh.no-ip.org) wrote: > On 2023-Mar-09, Justin Pryzby wrote: > > On Thu, Mar 09, 2023 at 09:34:10AM -0500, Stephen Frost wrote: > > > > +Reports whether huge pages are in use by the current instance. > > > > +

Re: Improve logging when using Huge Pages

2023-03-09 Thread Stephen Frost
Greetings, * Justin Pryzby (pry...@telsasoft.com) wrote: > On Thu, Mar 09, 2023 at 09:34:10AM -0500, Stephen Frost wrote: > > * Nathan Bossart (nathandboss...@gmail.com) wrote: > > > On Wed, Feb 15, 2023 at 10:13:17AM -0800, Nathan Bossart wrote: > > > > On Tue, Fe

Re: Disable rdns for Kerberos tests

2023-03-09 Thread Stephen Frost
Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost writes: > > Push, thanks again! > > Why'd you only change HEAD? Isn't the test equally fragile in the > back branches? We hadn't had any complaints about it and so I wasn't sure if it was useful to back-pa

Re: Disable rdns for Kerberos tests

2023-03-09 Thread Stephen Frost
Greetings, * Heikki Linnakangas (hlinn...@iki.fi) wrote: > On 25 February 2023 00:50:30 EET, Stephen Frost wrote: > >Thanks for reviewing! Comments added and updated the commit message. > > > >Unless there's anything else, I'll push this early next week. > > s/ca

Re: [PATCH] Align GSS and TLS error handling in PQconnectPoll()

2023-03-09 Thread Stephen Frost
Greetings, * Michael Paquier (mich...@paquier.xyz) wrote: > On Fri, Feb 17, 2023 at 09:01:43AM -0800, Jacob Champion wrote: > > On Thu, Feb 16, 2023 at 10:59 PM Michael Paquier > > wrote: > >> I am adding Stephen Frost > >> in CC to see if he has any comments

Re: Improve logging when using Huge Pages

2023-03-09 Thread Stephen Frost
Greetings, * Nathan Bossart (nathandboss...@gmail.com) wrote: > On Wed, Feb 15, 2023 at 10:13:17AM -0800, Nathan Bossart wrote: > > On Tue, Feb 14, 2023 at 07:32:56PM -0600, Justin Pryzby wrote: > >> On Mon, Feb 13, 2023 at 08:18:52PM -0800, Nathan Bossart wrote: > >>> I'm curious why you chose

Re: Moving forward with TDE

2023-03-08 Thread Stephen Frost
Greetings, * Chris Travers (chris.trav...@gmail.com) wrote: > From the documentation, the primary threat model of TDE is to prevent > decryption of data from archived wal segments (and data files), for example > on a backup system. While there are other methods around this problem to > date,

Re: a very minor bug and a couple of comment changes for basebackup.c

2023-03-06 Thread Stephen Frost
Greetings, * Robert Haas (robertmh...@gmail.com) wrote: > Thanks for the review. I have committed the patches. No objections to what was committed. > On Thu, Mar 2, 2023 at 2:59 AM Michael Paquier wrote: > > There is more to it: the page LSN is checked before its checksum. > > Hence, if the

Re: Non-superuser subscription owners

2023-03-01 Thread Stephen Frost
Greetings, * Robert Haas (robertmh...@gmail.com) wrote: > On Tue, Feb 28, 2023 at 4:01 PM Jeff Davis wrote: > > Or default expressions, I presume. If we at least agree on this point, > > then I think we should try to find a way to treat these other hunks of > > code in a secure way (which I

Re: Weird failure with latches in curculio on v15

2023-03-01 Thread Stephen Frost
Greetings, * Nathan Bossart (nathandboss...@gmail.com) wrote: > On Sat, Feb 25, 2023 at 11:00:31AM -0800, Andres Freund wrote: > > TBH, I think the current archive and restore module APIs aren't useful. I > > think it was a mistake to add archive modules without having demonstrated > > that > >

Re: Auth extensions, with an LDAP/SCRAM example [was: Proposal: Support custom authentication methods using hooks]

2023-02-28 Thread Stephen Frost
Greetings, * Jacob Champion (jchamp...@timescale.com) wrote: > On Mon, Feb 27, 2023 at 12:43 PM Stephen Frost wrote: > > * Jacob Champion (jchamp...@timescale.com) wrote: > > > This patchset should ideally have required zero client side changes, but > > > becau

Re: Non-superuser subscription owners

2023-02-28 Thread Stephen Frost
Greetings, * Jeff Davis (pg...@j-davis.com) wrote: > On Tue, 2023-02-28 at 08:37 -0500, Robert Haas wrote: > > The existing SECURITY_RESTRICTED_OPERATION flag basically prevents > > you > > from tinkering with the session state. > > Currently, every time we set that flag we also run all the code

Re: Non-superuser subscription owners

2023-02-27 Thread Stephen Frost
Greetings, * Jeff Davis (pg...@j-davis.com) wrote: > Not all steps would be breaking changes, and a lot of those steps are > things we should do anyway. We could make it easier to write safe > SECURITY DEFINER functions, provide more tools for users to opt-out of > executing SECURITY INVOKER

Re: Non-superuser subscription owners

2023-02-27 Thread Stephen Frost
Greetings, * Jeff Davis (pg...@j-davis.com) wrote: > On Mon, 2023-02-27 at 14:10 -0500, Stephen Frost wrote: > > I do think there are some use-cases for it, but agree that it'd be > > better to encourage more use of SECURITY DEFINER and one approach to > > that might be to

Re: Auth extensions, with an LDAP/SCRAM example [was: Proposal: Support custom authentication methods using hooks]

2023-02-27 Thread Stephen Frost
Greetings, * Jacob Champion (jchamp...@timescale.com) wrote: > This patchset should ideally have required zero client side changes, but > because our SCRAM implementation is slightly nonstandard too -- it > doesn't embed the username into the SCRAM data -- libpq can't talk to > the OpenLDAP/Cyrus

Re: [PoC] Federated Authn/z with OAUTHBEARER

2023-02-27 Thread Stephen Frost
Greetings, * Andrey Chudnovsky (achudnovs...@gmail.com) wrote: > > This really doesn't feel like a great area to try and do hooks or > > similar in, not the least because that approach has been tried and tried > > again (PAM, GSSAPI, SASL would all be examples..) and frankly none of > > them has

Re: Non-superuser subscription owners

2023-02-27 Thread Stephen Frost
Greetings, * Jeff Davis (pg...@j-davis.com) wrote: > On Mon, 2023-02-27 at 10:45 -0500, Robert Haas wrote: > > Suppose Alice owns a table and attaches a trigger to it. If > > Bob inserts into that table, I think we have to run the trigger, > > because Alice is entitled to assume that, for

Re: SLRUs in the main buffer pool - Page Header definitions

2023-02-27 Thread Stephen Frost
Greetings, * Robert Haas (robertmh...@gmail.com) wrote: > On Mon, Feb 27, 2023 at 8:56 AM Heikki Linnakangas wrote: > > I'm not sure if I like that or not. I think we should clean up and > > finish the other patches that this builds on first, and then decide if > > we want to use the standard

Re: Disable rdns for Kerberos tests

2023-02-24 Thread Stephen Frost
Greetings, * Heikki Linnakangas (hlinn...@iki.fi) wrote: > On 21/02/2023 01:35, Stephen Frost wrote: > > The name canonicalization support for Kerberos is doing us more harm > > than good in the regression tests, so I propose we disable it. Patch > > attached. > > >

Re: [PoC] Federated Authn/z with OAUTHBEARER

2023-02-23 Thread Stephen Frost
Greetings, * Jacob Champion (jchamp...@timescale.com) wrote: > On Mon, Feb 20, 2023 at 2:35 PM Stephen Frost wrote: > > Having skimmed back through this thread again, I still feel that the > > direction that was originally being taken (actually support something in > >

Disable rdns for Kerberos tests

2023-02-20 Thread Stephen Frost
Greetings, The name canonicalization support for Kerberos is doing us more harm than good in the regression tests, so I propose we disable it. Patch attached. Thoughts? Thanks, Stephen From 992d946d17c79d240ac6587998e2f94b12a726de Mon Sep 17 00:00:00 2001 From: Stephen Frost Date: Mon, 20

Re: Weird failure with latches in curculio on v15

2023-02-20 Thread Stephen Frost
Greetings, * Michael Paquier (mich...@paquier.xyz) wrote: > On Sun, Feb 19, 2023 at 08:06:24PM +0530, Robert Haas wrote: > > I mean, my idea was to basically just have one big callback: > > ArchiverModuleMainLoopCB(). Which wouldn't return, or perhaps, would > > only return when archiving was

Re: Proposal: Support custom authentication methods using hooks

2023-02-20 Thread Stephen Frost
Greetings, * Andrey Chudnovsky (achudnovs...@gmail.com) wrote: > The thread link is here: > https://www.postgresql.org/message-id/flat/CABkiuWo4fJQ7dhqgYLtJh41kpCkT6iXOO8Eym3Rdh5tx2RJCJw%40mail.gmail.com#f94c36969a68a07c087fa9af0f5401e1 Thanks for pointing out the updates on that thread, I've

Re: [PoC] Federated Authn/z with OAUTHBEARER

2023-02-20 Thread Stephen Frost
Greetings, * mahendrakar s (mahendrakarfo...@gmail.com) wrote: > The "issuer" field has been removed to align with the RFC > implementation - https://www.rfc-editor.org/rfc/rfc7628. > This patch "v6" is a single patch to support the OAUTH BEARER token > through psql connection string. > Below

Re: pg_init_privs corruption.

2023-02-20 Thread Stephen Frost
Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Floris Van Nee writes: > > This is as far as I can see the same case as what I reported a few years > > ago here: > > https://www.postgresql.org/message-id/flat/1574068566573.13088%40Optiver.com#488bd647ce6f5d2c92764673a7c58289 > > There was

Re: psql \watch 2nd argument: iteration count

2023-02-20 Thread Stephen Frost
Greetings, * Peter Eisentraut (peter.eisentr...@enterprisedb.com) wrote: > On 17.02.23 00:33, Andrey Borodin wrote: > > From time to time I want to collect some stats from locks, activity > > and other stat views into one table from different time points. In > > this case the \watch psql command

Re: Kerberos delegation support in libpq and postgres_fdw

2023-02-17 Thread Stephen Frost
Greetings, * Michael Paquier (mich...@paquier.xyz) wrote: > On Mon, Sep 19, 2022 at 02:05:39PM -0700, Jacob Champion wrote: > > It's not prevented, because a password is being used. In my tests I'm > > connecting as an unprivileged user. > > > > You're claiming that the middlebox shouldn't be

Re: REASSIGN OWNED vs ALTER TABLE OWNER TO permission inconsistencies

2023-02-16 Thread Stephen Frost
Greetings, * Robert Haas (robertmh...@gmail.com) wrote: > On Wed, Feb 15, 2023 at 9:01 AM Stephen Frost wrote: > > I'm not really a fan of just dropping the CREATE check. If we go with > > "recipient needs CREATE rights" then at least without superuser > > interve

Re: REASSIGN OWNED vs ALTER TABLE OWNER TO permission inconsistencies

2023-02-14 Thread Stephen Frost
Greetings, * Robert Haas (robertmh...@gmail.com) wrote: > On Wed, Feb 8, 2023 at 5:49 AM Nazir Bilal Yavuz wrote: > > My colleague Adam realized that when transferring ownership, 'REASSIGN > > OWNED' command doesn't check 'CREATE privilege on the table's schema' on > > new owner but 'ALTER TABLE

Re: Adding "large" to PG_TEST_EXTRA

2023-02-13 Thread Stephen Frost
Greetings, * Andres Freund (and...@anarazel.de) wrote: > On 2023-02-13 13:45:41 -0500, Stephen Frost wrote: > > Are there existing tests that we should add into that set that you're > > thinking of..? I've been working with the Kerberos tests and that's > > definitely

Re: Adding "large" to PG_TEST_EXTRA

2023-02-13 Thread Stephen Frost
Greetings, * Andres Freund (and...@anarazel.de) wrote: > I'm working on rebasing [1], my patch to make relation extension scale > better. > > As part of that I'd like to add tests for relation extension. To be able to > test the bulk write strategy path, we need to have a few backends

Re: RLS makes COPY TO process child tables

2023-02-07 Thread Stephen Frost
Greetings, * Yugo NAGATA (nag...@sraoss.co.jp) wrote: > On Wed, 01 Feb 2023 11:47:23 -0500 > Tom Lane wrote: > > > Yugo NAGATA writes: > > > Antonin Houska wrote: > > >> While working on [1] I noticed that if RLS gets enabled, the COPY TO > > >> command > > >> includes the contents of child

Re: Checking for missing heap/index files

2022-10-18 Thread Stephen Frost
Greetings, * Robert Haas (robertmh...@gmail.com) wrote: > On Tue, Oct 18, 2022 at 12:59 PM Tom Lane wrote: > > There is no text suggesting that it's okay to miss, or to double-return, > > an entry that is present throughout the scan. So I'd interpret the case > > you're worried about as

Re: allowing for control over SET ROLE

2022-10-16 Thread Stephen Frost
Greetings, * Nathan Bossart (nathandboss...@gmail.com) wrote: > On Fri, Sep 30, 2022 at 04:34:32PM -0400, Robert Haas wrote: > > That thread has not reached an entirely satisfying conclusion. > > However, the behavior that was deemed outright buggy over there has > > been fixed. The remaining

Re: use has_privs_of_role() for pg_hba.conf

2022-10-16 Thread Stephen Frost
Greetings, * Nathan Bossart (nathandboss...@gmail.com) wrote: > On Sat, Oct 08, 2022 at 11:46:50AM -0400, Robert Haas wrote: > > Now there may be some other scenario in which the patch is going in > > exactly the right direction, and if I knew what it was, maybe I'd > > agree that the patch was a

Re: kerberos/001_auth test fails on arm CPU darwin

2022-09-29 Thread Stephen Frost
Greetings, * Peter Eisentraut (peter.eisentr...@enterprisedb.com) wrote: > On 27.09.22 03:37, Andres Freund wrote: > > Maybe we should rely on PATH, rather than hardcoding OS dependent locations? > > Or at least fall back to search binaries in PATH? Seems pretty odd to > > hardcode > > all these

Re: predefined role(s) for VACUUM and ANALYZE

2022-09-28 Thread Stephen Frost
Greetings, On Wed, Sep 28, 2022 at 14:50 Nathan Bossart wrote: > On Tue, Sep 20, 2022 at 09:31:26PM -0700, Nathan Bossart wrote: > > I bet a more pressing concern is the calls to aclmask() since checking > > privileges is probably done more frequently than updating them. That > > appears to

Re: has_privs_of_role vs. is_member_of_role, redux

2022-09-26 Thread Stephen Frost
Greetings, * Wolfgang Walther (walt...@technowledgy.de) wrote: > Robert Haas: > > I don't think we're going to be very happy if we redefine inheriting > > the privileges of another role to mean inheriting only some of them. > > That seems pretty counterintuitive to me. I also think that this > >

Re: has_privs_of_role vs. is_member_of_role, redux

2022-09-26 Thread Stephen Frost
Greetings, * Robert Haas (robertmh...@gmail.com) wrote: > On Thu, Sep 8, 2022 at 1:06 PM wrote: > > In theory, I could also inherit that privilege, but that's not how the > > system works today. By using is_member_of_role, the decision was already > > made that this should not depend on

Re: Kerberos delegation support in libpq and postgres_fdw

2022-09-19 Thread Stephen Frost
Greetings, * Jacob Champion (jchamp...@timescale.com) wrote: > On Thu, Jul 7, 2022 at 4:24 PM Jacob Champion wrote: > > So my question is this: does substituting my credentials for the admin's > > credentials let me weaken or break the transport encryption on the > > backend connection, and grab

Re: Add tracking of backend memory allocated to pg_stat_activity

2022-09-12 Thread Stephen Frost
Greetings, * Drouvot, Bertrand (bdrou...@amazon.com) wrote: > On 9/9/22 7:08 PM, Justin Pryzby wrote: > >On Fri, Sep 09, 2022 at 12:34:15PM -0400, Stephen Frost wrote: > >>>While we are at it, what do you think about also recording the max memory > >>>allocat

Re: Add the ability to limit the amount of memory that can be allocated to backends.

2022-09-09 Thread Stephen Frost
Greetings, * David Rowley (dgrowle...@gmail.com) wrote: > On Thu, 1 Sept 2022 at 04:52, Reid Thompson > wrote: > > Add the ability to limit the amount of memory that can be allocated to > > backends. > > Are you aware that relcache entries are stored in backend local memory > and that once

Re: Add tracking of backend memory allocated to pg_stat_activity

2022-09-09 Thread Stephen Frost
Greetings, * Kyotaro Horiguchi (horikyota@gmail.com) wrote: > At Tue, 06 Sep 2022 17:10:49 -0400, Reid Thompson > wrote in > > I'm open to guidance on testing for performance degradation. I did > > note some basic pgbench comparison numbers in the thread regarding > > limiting backend

Re: Add tracking of backend memory allocated to pg_stat_activity

2022-09-09 Thread Stephen Frost
Greetings, * Drouvot, Bertrand (bdrou...@amazon.com) wrote: > On 9/1/22 3:28 AM, Kyotaro Horiguchi wrote: > >At Wed, 31 Aug 2022 12:05:55 -0500, Justin Pryzby > >wrote in > >>On Wed, Aug 31, 2022 at 12:03:06PM -0400, Reid Thompson wrote: > >>>Attached is a patch to > >>>Add tracking of backend

Re: predefined role(s) for VACUUM and ANALYZE

2022-09-07 Thread Stephen Frost
Greetings, On Wed, Sep 7, 2022 at 18:11 Nathan Bossart wrote: > On Wed, Sep 07, 2022 at 05:13:44PM -0400, Stephen Frost wrote: > > I disagree that we should put the onus for addressing this on the next > > person who wants to add bits and just willfully use up the last of the

Re: has_privs_of_role vs. is_member_of_role, redux

2022-09-07 Thread Stephen Frost
Greetings, * Robert Haas (robertmh...@gmail.com) wrote: > Jeff Davis's comment in > http://postgr.es/m/4f8d536a9221bccc5a33bb784dace0ef2310ec4a.ca...@j-davis.com > reminds me that I need to update this thread based on the patch posted > over there. That patch allows you to grant membership in one

Re: predefined role(s) for VACUUM and ANALYZE

2022-09-07 Thread Stephen Frost
Greetings, * Nathan Bossart (nathandboss...@gmail.com) wrote: > On Tue, Sep 06, 2022 at 11:24:18AM -0400, Robert Haas wrote: > > On Tue, Sep 6, 2022 at 11:11 AM Stephen Frost wrote: > >> If we were to make the specific bits depend on the object type as I'm > >> sugges

Re: predefined role(s) for VACUUM and ANALYZE

2022-09-06 Thread Stephen Frost
Greetings, * Nathan Bossart (nathandboss...@gmail.com) wrote: > On Tue, Aug 23, 2022 at 07:46:47PM -0400, Stephen Frost wrote: > > I've long felt that we should redefine the way the ACLs work to have a > > distinct set of bits for each object type. We don't need to support a

Re: predefined role(s) for VACUUM and ANALYZE

2022-08-23 Thread Stephen Frost
Greetings, * Robert Haas (robertmh...@gmail.com) wrote: > On Tue, Jul 26, 2022 at 1:50 PM David G. Johnston > wrote: > >> Still, it seems somewhat appealing to give > >> people fine-grained control over this, rather than just "on" or "off". > > Appealing enough to consume a couple of permission

Re: Proposal: Support custom authentication methods using hooks

2022-08-05 Thread Stephen Frost
Greetings, * Andres Freund (and...@anarazel.de) wrote: > On 2022-08-03 17:21:58 -0400, Stephen Frost wrote: > > * Andres Freund (and...@anarazel.de) wrote: > > > On 2022-08-03 16:28:08 -0400, Stephen Frost wrote: > > > > Again, server-side only is not i

Re: Proposal: Support custom authentication methods using hooks

2022-08-03 Thread Stephen Frost
Greetings, * Andres Freund (and...@anarazel.de) wrote: > On 2022-08-03 16:28:08 -0400, Stephen Frost wrote: > > Again, server-side only is not interesting and not a direction that > > makes sense to go in because it doesn't provide any way to have > > trust established in b

Re: Proposal: Support custom authentication methods using hooks

2022-08-03 Thread Stephen Frost
Greetings, * samay sharma (smilingsa...@gmail.com) wrote: > On Tue, Aug 2, 2022 at 2:48 PM Jacob Champion > wrote: > > [dev hat] That said, I plan to do some additional dev work on top of > > this over the next couple of months. The ideal case would be to provide > > a server-only extension that

Re: pg_auth_members.grantor is bunk

2022-07-31 Thread Stephen Frost
Greetings, On Sun, Jul 31, 2022 at 11:44 David G. Johnston wrote: > On Sun, Jul 31, 2022 at 11:18 AM Stephen Frost wrote: > >> Greetings, >> >> * Robert Haas (robertmh...@gmail.com) wrote: >> > On Tue, Jul 26, 2022

Re: pg_auth_members.grantor is bunk

2022-07-31 Thread Stephen Frost
Greetings, * Robert Haas (robertmh...@gmail.com) wrote: > On Tue, Jul 26, 2022 at 12:46 PM Robert Haas wrote: > > I believe that these patches are mostly complete, but I think that > > dumpRoleMembership() probably needs some more work. I don't know what > > exactly, but there's nothing to cause

Re: Add function to return backup_label and tablespace_map

2022-07-15 Thread Stephen Frost
Greetings, * Fujii Masao (masao.fu...@oss.nttdata.com) wrote: > On 2022/07/08 23:11, David Steele wrote: > >Looks like I made that more complicated than it needed to be: > > > >select * from pg_backup_stop(...) \gset > >\pset tuples_only on > >\pset format unaligned > >\o

Re: [PoC/RFC] Multiple passwords, interval expirations

2022-07-01 Thread Stephen Frost
Greetings, On Fri, Jul 1, 2022 at 10:51 Brindle, Joshua wrote: > > On 6/30/22 8:20 PM, Stephen Frost wrote: > > * Gurjeet Singh (gurj...@singh.im) wrote: > >> I am planning on picking it up next week; right now picking up steam, > >> and reviewing a different, s

Re: [PoC/RFC] Multiple passwords, interval expirations

2022-06-29 Thread Stephen Frost
Greetings, On Wed, Jun 29, 2022 at 17:22 Jacob Champion wrote: > On 4/8/22 10:04, Joshua Brindle wrote: > > It's unclear if I will be able to continue working on this featureset, > > this email address will be inactive after today. > > I'm assuming the answer to this was "no". Is there any

Re: Checking for missing heap/index files

2022-06-17 Thread Stephen Frost
Greetings, On Fri, Jun 17, 2022 at 14:32 Alvaro Herrera wrote: > On 2022-Jun-09, Stephen Frost wrote: > > > TL;DR: if you're removing files from a directory that you've got an > > active readdir() running through, you might not actually get all of the > > *existin

Re: replacing role-level NOINHERIT with a grant-level option

2022-06-10 Thread Stephen Frost
Greetings, On Fri, Jun 10, 2022 at 16:36 Peter Eisentraut < peter.eisentr...@enterprisedb.com> wrote: > On 02.06.22 18:26, Robert Haas wrote: > > On Mon, Feb 7, 2022 at 11:13 AM Joe Conway wrote: > >>> It seems to me that the INHERIT role flag isn't very well-considered. > >>> Inheritance, or

Re: better page-level checksums

2022-06-10 Thread Stephen Frost
Greetings, * Fabien COELHO (coe...@cri.ensmp.fr) wrote: > >I think for this purpose we should limit ourselves to algorithms > >whose output size is, at minimum, 64 bits, and ideally, a multiple of > >64 bits. I'm sure there are plenty of options other than the ones that > >btrfs uses; I mentioned

Re: better page-level checksums

2022-06-10 Thread Stephen Frost
Greetings, * Andrey Borodin (x4m@double.cloud) wrote: > On Fri, Jun 10, 2022 at 5:00 AM Matthias van de Meent < > boekewurm+postg...@gmail.com> wrote: > > Can't we add some extra fork that stores this extra per-page > > information, and contains this extra metadata > > +1 for this approach. I

Re: better page-level checksums

2022-06-10 Thread Stephen Frost
Greetings, * Robert Haas (robertmh...@gmail.com) wrote: > On Fri, Jun 10, 2022 at 9:36 AM Peter Eisentraut > wrote: > > I think there ought to be a bit more principled analysis here than just > > "let's add a lot more bits". There is probably some kind of information > > to be had about how

Re: Checking for missing heap/index files

2022-06-09 Thread Stephen Frost
Greetings, * Bruce Momjian (br...@momjian.us) wrote: > We currently can check for missing heap/index files by comparing > pg_class with the database directory files. However, I am not clear if > this is safe during concurrent DDL. I assume we create the file before > the update to pg_class is

Re: BTMaxItemSize seems to be subtly incorrect

2022-06-09 Thread Stephen Frost
Greetings, * Robert Haas (robertmh...@gmail.com) wrote: > On Wed, Jun 8, 2022 at 5:55 PM Peter Geoghegan wrote: > > > That's a problem, because if in that scenario you allow three 2704 > > > byte items that don't need a heap TID and later you find you need to > > > add a heap TID to one of those

Re: replacing role-level NOINHERIT with a grant-level option

2022-06-08 Thread Stephen Frost
Greetings, * Robert Haas (robertmh...@gmail.com) wrote: > On Mon, Jun 6, 2022 at 7:21 PM Stephen Frost wrote: > > > To revoke a grant entirely, you just say REVOKE foo FROM bar, as now. > > > To change an option for an existing grant, you can re-execute the > > > gr

Re: pg_auth_members.grantor is bunk

2022-06-06 Thread Stephen Frost
Greetings, * Robert Haas (robertmh...@gmail.com) wrote: > On Thu, Jun 2, 2022 at 3:51 PM Tom Lane wrote: > > > I sort of thought http://postgr.es/m/3981966.1646429...@sss.pgh.pa.us > > > constituted a completed investigation of this sort. No? > > > > I didn't think so. It's clear that the spec

Re: replacing role-level NOINHERIT with a grant-level option

2022-06-06 Thread Stephen Frost
Greetings, * Robert Haas (robertmh...@gmail.com) wrote: > On Mon, Feb 7, 2022 at 11:13 AM Joe Conway wrote: > > > It seems to me that the INHERIT role flag isn't very well-considered. > > > Inheritance, or the lack of it, ought to be decided separately for > > > each inherited role. However,

Re: pgsql: Use pre-fetching for ANALYZE

2022-06-06 Thread Stephen Frost
Greetings, * Andres Freund (and...@anarazel.de) wrote: > On 2022-06-02 19:30:16 -0700, Andres Freund wrote: > > On 2021-03-16 18:48:08 +, Stephen Frost wrote: > > > Use pre-fetching for ANALYZE > > > > > > When we have posix_fadvise() avail
