Re: [HACKERS] El Capitan Removes OpenSSL Headers

2015-12-02 Thread Dave Page 
On Tue, Dec 1, 2015 at 9:55 PM, Bruce Momjian  wrote:
> On Tue, Dec  1, 2015 at 06:40:09PM -0300, Alvaro Herrera wrote:
>> Bruce Momjian wrote:
>>
>> > Do we still have licensing issues if we ship Postgres and OpenSSL
>> > together?
>>
>> See
>> https://www.postgresql.org/message-id/20150801151410.GA28344%40awork2.anarazel.de
>
> True, but the current license is unchanged and has the advertising
> clause, which I think we have to honor if we ship OpenSSL:
>
> https://www.openssl.org/source/license.html
>
> I assume Windows has to ship OpenSSL with the installer and has to abide
> by this, for example.  OSX might have to do the same.  It might be good
> to see what we do for Windows packages.

We already do it for all our installers - Windows, OSX and Linux. We
have to, otherwise we wouldn't be able to ensure the same binaries
would run on all the different supported versions.

-- 
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] El Capitan Removes OpenSSL Headers

2015-12-02 Thread Bruce Momjian 
On Wed, Dec  2, 2015 at 08:53:07AM +, Dave Page wrote:
> On Tue, Dec 1, 2015 at 9:55 PM, Bruce Momjian  wrote:
> > On Tue, Dec  1, 2015 at 06:40:09PM -0300, Alvaro Herrera wrote:
> >> Bruce Momjian wrote:
> >>
> >> > Do we still have licensing issues if we ship Postgres and OpenSSL
> >> > together?
> >>
> >> See
> >> https://www.postgresql.org/message-id/20150801151410.GA28344%40awork2.anarazel.de
> >
> > True, but the current license is unchanged and has the advertising
> > clause, which I think we have to honor if we ship OpenSSL:
> >
> > https://www.openssl.org/source/license.html
> >
> > I assume Windows has to ship OpenSSL with the installer and has to abide
> > by this, for example.  OSX might have to do the same.  It might be good
> > to see what we do for Windows packages.
> 
> We already do it for all our installers - Windows, OSX and Linux. We
> have to, otherwise we wouldn't be able to ensure the same binaries
> would run on all the different supported versions.

OK, good.  So the Mac installers would have to do the same thing if they
also start shipping OpenSSL too.

-- 
  Bruce Momjian  http://momjian.us
  EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] El Capitan Removes OpenSSL Headers

2015-12-02 Thread Dave Page 
On Wed, Dec 2, 2015 at 1:06 PM, Bruce Momjian  wrote:
> On Wed, Dec  2, 2015 at 08:53:07AM +, Dave Page wrote:
>> On Tue, Dec 1, 2015 at 9:55 PM, Bruce Momjian  wrote:
>> > On Tue, Dec  1, 2015 at 06:40:09PM -0300, Alvaro Herrera wrote:
>> >> Bruce Momjian wrote:
>> >>
>> >> > Do we still have licensing issues if we ship Postgres and OpenSSL
>> >> > together?
>> >>
>> >> See
>> >> https://www.postgresql.org/message-id/20150801151410.GA28344%40awork2.anarazel.de
>> >
>> > True, but the current license is unchanged and has the advertising
>> > clause, which I think we have to honor if we ship OpenSSL:
>> >
>> > https://www.openssl.org/source/license.html
>> >
>> > I assume Windows has to ship OpenSSL with the installer and has to abide
>> > by this, for example.  OSX might have to do the same.  It might be good
>> > to see what we do for Windows packages.
>>
>> We already do it for all our installers - Windows, OSX and Linux. We
>> have to, otherwise we wouldn't be able to ensure the same binaries
>> would run on all the different supported versions.
>
> OK, good.  So the Mac installers would have to do the same thing if they
> also start shipping OpenSSL too.

OSX == Mac.

-- 
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] El Capitan Removes OpenSSL Headers

2015-12-01 Thread Alvaro Herrera 
Bruce Momjian wrote:

> Do we still have licensing issues if we ship Postgres and OpenSSL
> together?

See
https://www.postgresql.org/message-id/20150801151410.GA28344%40awork2.anarazel.de

-- 
Álvaro Herrerahttp://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] El Capitan Removes OpenSSL Headers

2015-12-01 Thread Bruce Momjian 
On Tue, Dec  1, 2015 at 03:35:39PM -0500, Robert Haas wrote:
> > Well, you'd have to use MacPorts' version of the openssl libraries,
> > too, since there'd be no certainty that their headers match the
> > Apple-provided libraries (in fact, I'd bet a lot that they don't).
> > This would be a pain if you wanted to put your compiled PG executables
> > on some other Mac.
> 
> Yeah, I guess it means that people building for MacOS X will probably
> have to ship OpenSSL as a dependency, which also means that they will
> need to update it when new versions are released.  That is already a
> pretty obnoxious disease on Windows, and it's unfortunate to see it
> spreading.  It would save us a good deal of staff time here at
> EnterpriseDB if we didn't have to do new releases of everything on
> Windows every time there is an OpenSSL update.

Do we still have licensing issues if we ship Postgres and OpenSSL
together?

-- 
  Bruce Momjian  http://momjian.us
  EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] El Capitan Removes OpenSSL Headers

2015-12-01 Thread Magnus Hagander 
On Tue, Dec 1, 2015 at 9:14 PM, Tom Lane  wrote:

> Robert Haas  writes:
> > On Tue, Dec 1, 2015 at 2:56 PM, Tom Lane  wrote:
> >> "David E. Wheeler"  writes:
> >>> I don’t suppose anyone has looked at what it would take to get
> PostgreSQL use Secure Transport, right?
>
> >> This is going to put a bit more urgency into the project Heikki had been
> >> working on to allow use of more than one SSL implementation.  I can't
> >> really see us back-porting that, though, which is going to leave things
> >> in a fairly nasty place for all pre-9.6 branches ...
>
> > I think it'd be great to finish that project, but having to use
> > MacPorts to install the headers isn't really a big deal, is it?
>
> Well, you'd have to use MacPorts' version of the openssl libraries,
> too, since there'd be no certainty that their headers match the
> Apple-provided libraries (in fact, I'd bet a lot that they don't).
> This would be a pain if you wanted to put your compiled PG executables
> on some other Mac.
>

Presumably the folks who build Postgres.app and the EDB installers will
take care of that for the big majority of people though, won't they?

I agree it's something we should fix, but I'm not sure it's that urgent.
It's no different from what Windows people have been dealing with all
along, is it? And while it affects pg developers, I doubt it'll hit that
many users?

-- 
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

Re: [HACKERS] El Capitan Removes OpenSSL Headers

2015-12-01 Thread Bruce Momjian 
On Tue, Dec  1, 2015 at 06:40:09PM -0300, Alvaro Herrera wrote:
> Bruce Momjian wrote:
> 
> > Do we still have licensing issues if we ship Postgres and OpenSSL
> > together?
> 
> See
> https://www.postgresql.org/message-id/20150801151410.GA28344%40awork2.anarazel.de

True, but the current license is unchanged and has the advertising
clause, which I think we have to honor if we ship OpenSSL:

https://www.openssl.org/source/license.html

I assume Windows has to ship OpenSSL with the installer and has to abide
by this, for example.  OSX might have to do the same.  It might be good
to see what we do for Windows packages.

-- 
  Bruce Momjian  http://momjian.us
  EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Roman grave inscription +


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] El Capitan Removes OpenSSL Headers

2015-12-01 Thread Robert Haas 
On Tue, Dec 1, 2015 at 3:14 PM, Tom Lane  wrote:
> Robert Haas  writes:
>> On Tue, Dec 1, 2015 at 2:56 PM, Tom Lane  wrote:
>>> "David E. Wheeler"  writes:
 I don’t suppose anyone has looked at what it would take to get PostgreSQL 
 use Secure Transport, right?
>
>>> This is going to put a bit more urgency into the project Heikki had been
>>> working on to allow use of more than one SSL implementation.  I can't
>>> really see us back-porting that, though, which is going to leave things
>>> in a fairly nasty place for all pre-9.6 branches ...
>
>> I think it'd be great to finish that project, but having to use
>> MacPorts to install the headers isn't really a big deal, is it?
>
> Well, you'd have to use MacPorts' version of the openssl libraries,
> too, since there'd be no certainty that their headers match the
> Apple-provided libraries (in fact, I'd bet a lot that they don't).
> This would be a pain if you wanted to put your compiled PG executables
> on some other Mac.

Yeah, I guess it means that people building for MacOS X will probably
have to ship OpenSSL as a dependency, which also means that they will
need to update it when new versions are released.  That is already a
pretty obnoxious disease on Windows, and it's unfortunate to see it
spreading.  It would save us a good deal of staff time here at
EnterpriseDB if we didn't have to do new releases of everything on
Windows every time there is an OpenSSL update.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] El Capitan Removes OpenSSL Headers

2015-12-01 Thread Robert Haas 
On Tue, Dec 1, 2015 at 2:56 PM, Tom Lane  wrote:
> "David E. Wheeler"  writes:
>> Looks like Mac OS X 10.11 El Capitan has remove the OpenSSL header files. 
>> They recommend building your own or using native OS X SDKs, like Secure 
>> Transport:
>>   http://lists.apple.com/archives/macnetworkprog/2015/Jun/msg00025.html
>
> That's annoying.
>
>> I don’t suppose anyone has looked at what it would take to get PostgreSQL 
>> use Secure Transport, right?
>
> This is going to put a bit more urgency into the project Heikki had been
> working on to allow use of more than one SSL implementation.  I can't
> really see us back-porting that, though, which is going to leave things
> in a fairly nasty place for all pre-9.6 branches ...

I think it'd be great to finish that project, but having to use
MacPorts to install the headers isn't really a big deal, is it?

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] El Capitan Removes OpenSSL Headers

2015-12-01 Thread Tom Lane 
Robert Haas  writes:
> On Tue, Dec 1, 2015 at 2:56 PM, Tom Lane  wrote:
>> "David E. Wheeler"  writes:
>>> I don’t suppose anyone has looked at what it would take to get PostgreSQL 
>>> use Secure Transport, right?

>> This is going to put a bit more urgency into the project Heikki had been
>> working on to allow use of more than one SSL implementation.  I can't
>> really see us back-porting that, though, which is going to leave things
>> in a fairly nasty place for all pre-9.6 branches ...

> I think it'd be great to finish that project, but having to use
> MacPorts to install the headers isn't really a big deal, is it?

Well, you'd have to use MacPorts' version of the openssl libraries,
too, since there'd be no certainty that their headers match the
Apple-provided libraries (in fact, I'd bet a lot that they don't).
This would be a pain if you wanted to put your compiled PG executables
on some other Mac.

regards, tom lane


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

[HACKERS] El Capitan Removes OpenSSL Headers

2015-12-01 Thread David E. Wheeler 
Hackers,

Looks like Mac OS X 10.11 El Capitan has remove the OpenSSL header files. They 
recommend building your own or using native OS X SDKs, like Secure Transport:

  http://lists.apple.com/archives/macnetworkprog/2015/Jun/msg00025.html

I don’t suppose anyone has looked at what it would take to get PostgreSQL use 
Secure Transport, right? Here are the docs:

  
https://developer.apple.com/library/ios/documentation/Security/Reference/secureTransportRef/index.html

If it’s not feasible, those of use who need SSL connections on OS X will just 
have to build OpenSSL ourselves (or install from Homebrew or MacPorts).

David



smime.p7s
Description: S/MIME cryptographic signature

Re: [HACKERS] El Capitan Removes OpenSSL Headers

2015-12-01 Thread Tom Lane 
"David E. Wheeler"  writes:
> Looks like Mac OS X 10.11 El Capitan has remove the OpenSSL header files. 
> They recommend building your own or using native OS X SDKs, like Secure 
> Transport:
>   http://lists.apple.com/archives/macnetworkprog/2015/Jun/msg00025.html

That's annoying.

> I don’t suppose anyone has looked at what it would take to get PostgreSQL 
> use Secure Transport, right?

This is going to put a bit more urgency into the project Heikki had been
working on to allow use of more than one SSL implementation.  I can't
really see us back-porting that, though, which is going to leave things
in a fairly nasty place for all pre-9.6 branches ...

regards, tom lane


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers