Re: [HACKERS] El Capitan Removes OpenSSL Headers
On Wed, Dec 2, 2015 at 1:06 PM, Bruce Momjian wrote: > On Wed, Dec 2, 2015 at 08:53:07AM +, Dave Page wrote: >> On Tue, Dec 1, 2015 at 9:55 PM, Bruce Momjian wrote: >> > On Tue, Dec 1, 2015 at 06:40:09PM -0300, Alvaro Herrera wrote: >> >> Bruce Momjian wrote: >> >> >> >> > Do we still have licensing issues if we ship Postgres and OpenSSL >> >> > together? >> >> >> >> See >> >> https://www.postgresql.org/message-id/20150801151410.GA28344%40awork2.anarazel.de >> > >> > True, but the current license is unchanged and has the advertising >> > clause, which I think we have to honor if we ship OpenSSL: >> > >> > https://www.openssl.org/source/license.html >> > >> > I assume Windows has to ship OpenSSL with the installer and has to abide >> > by this, for example. OSX might have to do the same. It might be good >> > to see what we do for Windows packages. >> >> We already do it for all our installers - Windows, OSX and Linux. We >> have to, otherwise we wouldn't be able to ensure the same binaries >> would run on all the different supported versions. > > OK, good. So the Mac installers would have to do the same thing if they > also start shipping OpenSSL too. OSX == Mac. -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] El Capitan Removes OpenSSL Headers
On Wed, Dec 2, 2015 at 08:53:07AM +, Dave Page wrote: > On Tue, Dec 1, 2015 at 9:55 PM, Bruce Momjian wrote: > > On Tue, Dec 1, 2015 at 06:40:09PM -0300, Alvaro Herrera wrote: > >> Bruce Momjian wrote: > >> > >> > Do we still have licensing issues if we ship Postgres and OpenSSL > >> > together? > >> > >> See > >> https://www.postgresql.org/message-id/20150801151410.GA28344%40awork2.anarazel.de > > > > True, but the current license is unchanged and has the advertising > > clause, which I think we have to honor if we ship OpenSSL: > > > > https://www.openssl.org/source/license.html > > > > I assume Windows has to ship OpenSSL with the installer and has to abide > > by this, for example. OSX might have to do the same. It might be good > > to see what we do for Windows packages. > > We already do it for all our installers - Windows, OSX and Linux. We > have to, otherwise we wouldn't be able to ensure the same binaries > would run on all the different supported versions. OK, good. So the Mac installers would have to do the same thing if they also start shipping OpenSSL too. -- Bruce Momjian http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Roman grave inscription + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] El Capitan Removes OpenSSL Headers
On Tue, Dec 1, 2015 at 9:55 PM, Bruce Momjian wrote: > On Tue, Dec 1, 2015 at 06:40:09PM -0300, Alvaro Herrera wrote: >> Bruce Momjian wrote: >> >> > Do we still have licensing issues if we ship Postgres and OpenSSL >> > together? >> >> See >> https://www.postgresql.org/message-id/20150801151410.GA28344%40awork2.anarazel.de > > True, but the current license is unchanged and has the advertising > clause, which I think we have to honor if we ship OpenSSL: > > https://www.openssl.org/source/license.html > > I assume Windows has to ship OpenSSL with the installer and has to abide > by this, for example. OSX might have to do the same. It might be good > to see what we do for Windows packages. We already do it for all our installers - Windows, OSX and Linux. We have to, otherwise we wouldn't be able to ensure the same binaries would run on all the different supported versions. -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] El Capitan Removes OpenSSL Headers
On Tue, Dec 1, 2015 at 06:40:09PM -0300, Alvaro Herrera wrote: > Bruce Momjian wrote: > > > Do we still have licensing issues if we ship Postgres and OpenSSL > > together? > > See > https://www.postgresql.org/message-id/20150801151410.GA28344%40awork2.anarazel.de True, but the current license is unchanged and has the advertising clause, which I think we have to honor if we ship OpenSSL: https://www.openssl.org/source/license.html I assume Windows has to ship OpenSSL with the installer and has to abide by this, for example. OSX might have to do the same. It might be good to see what we do for Windows packages. -- Bruce Momjian http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Roman grave inscription + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] El Capitan Removes OpenSSL Headers
Bruce Momjian wrote: > Do we still have licensing issues if we ship Postgres and OpenSSL > together? See https://www.postgresql.org/message-id/20150801151410.GA28344%40awork2.anarazel.de -- Álvaro Herrerahttp://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] El Capitan Removes OpenSSL Headers
On Tue, Dec 1, 2015 at 03:35:39PM -0500, Robert Haas wrote: > > Well, you'd have to use MacPorts' version of the openssl libraries, > > too, since there'd be no certainty that their headers match the > > Apple-provided libraries (in fact, I'd bet a lot that they don't). > > This would be a pain if you wanted to put your compiled PG executables > > on some other Mac. > > Yeah, I guess it means that people building for MacOS X will probably > have to ship OpenSSL as a dependency, which also means that they will > need to update it when new versions are released. That is already a > pretty obnoxious disease on Windows, and it's unfortunate to see it > spreading. It would save us a good deal of staff time here at > EnterpriseDB if we didn't have to do new releases of everything on > Windows every time there is an OpenSSL update. Do we still have licensing issues if we ship Postgres and OpenSSL together? -- Bruce Momjian http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Roman grave inscription + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] El Capitan Removes OpenSSL Headers
On Tue, Dec 1, 2015 at 3:14 PM, Tom Lane wrote: > Robert Haas writes: >> On Tue, Dec 1, 2015 at 2:56 PM, Tom Lane wrote: >>> "David E. Wheeler" writes: I don’t suppose anyone has looked at what it would take to get PostgreSQL use Secure Transport, right? > >>> This is going to put a bit more urgency into the project Heikki had been >>> working on to allow use of more than one SSL implementation. I can't >>> really see us back-porting that, though, which is going to leave things >>> in a fairly nasty place for all pre-9.6 branches ... > >> I think it'd be great to finish that project, but having to use >> MacPorts to install the headers isn't really a big deal, is it? > > Well, you'd have to use MacPorts' version of the openssl libraries, > too, since there'd be no certainty that their headers match the > Apple-provided libraries (in fact, I'd bet a lot that they don't). > This would be a pain if you wanted to put your compiled PG executables > on some other Mac. Yeah, I guess it means that people building for MacOS X will probably have to ship OpenSSL as a dependency, which also means that they will need to update it when new versions are released. That is already a pretty obnoxious disease on Windows, and it's unfortunate to see it spreading. It would save us a good deal of staff time here at EnterpriseDB if we didn't have to do new releases of everything on Windows every time there is an OpenSSL update. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] El Capitan Removes OpenSSL Headers
On Tue, Dec 1, 2015 at 9:14 PM, Tom Lane wrote: > Robert Haas writes: > > On Tue, Dec 1, 2015 at 2:56 PM, Tom Lane wrote: > >> "David E. Wheeler" writes: > >>> I don’t suppose anyone has looked at what it would take to get > PostgreSQL use Secure Transport, right? > > >> This is going to put a bit more urgency into the project Heikki had been > >> working on to allow use of more than one SSL implementation. I can't > >> really see us back-porting that, though, which is going to leave things > >> in a fairly nasty place for all pre-9.6 branches ... > > > I think it'd be great to finish that project, but having to use > > MacPorts to install the headers isn't really a big deal, is it? > > Well, you'd have to use MacPorts' version of the openssl libraries, > too, since there'd be no certainty that their headers match the > Apple-provided libraries (in fact, I'd bet a lot that they don't). > This would be a pain if you wanted to put your compiled PG executables > on some other Mac. > Presumably the folks who build Postgres.app and the EDB installers will take care of that for the big majority of people though, won't they? I agree it's something we should fix, but I'm not sure it's that urgent. It's no different from what Windows people have been dealing with all along, is it? And while it affects pg developers, I doubt it'll hit that many users? -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
Re: [HACKERS] El Capitan Removes OpenSSL Headers
Robert Haas writes: > On Tue, Dec 1, 2015 at 2:56 PM, Tom Lane wrote: >> "David E. Wheeler" writes: >>> I donât suppose anyone has looked at what it would take to get PostgreSQL >>> use Secure Transport, right? >> This is going to put a bit more urgency into the project Heikki had been >> working on to allow use of more than one SSL implementation. I can't >> really see us back-porting that, though, which is going to leave things >> in a fairly nasty place for all pre-9.6 branches ... > I think it'd be great to finish that project, but having to use > MacPorts to install the headers isn't really a big deal, is it? Well, you'd have to use MacPorts' version of the openssl libraries, too, since there'd be no certainty that their headers match the Apple-provided libraries (in fact, I'd bet a lot that they don't). This would be a pain if you wanted to put your compiled PG executables on some other Mac. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] El Capitan Removes OpenSSL Headers
On Tue, Dec 1, 2015 at 2:56 PM, Tom Lane wrote: > "David E. Wheeler" writes: >> Looks like Mac OS X 10.11 El Capitan has remove the OpenSSL header files. >> They recommend building your own or using native OS X SDKs, like Secure >> Transport: >> http://lists.apple.com/archives/macnetworkprog/2015/Jun/msg00025.html > > That's annoying. > >> I don’t suppose anyone has looked at what it would take to get PostgreSQL >> use Secure Transport, right? > > This is going to put a bit more urgency into the project Heikki had been > working on to allow use of more than one SSL implementation. I can't > really see us back-porting that, though, which is going to leave things > in a fairly nasty place for all pre-9.6 branches ... I think it'd be great to finish that project, but having to use MacPorts to install the headers isn't really a big deal, is it? -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] El Capitan Removes OpenSSL Headers
"David E. Wheeler" writes: > Looks like Mac OS X 10.11 El Capitan has remove the OpenSSL header files. > They recommend building your own or using native OS X SDKs, like Secure > Transport: > http://lists.apple.com/archives/macnetworkprog/2015/Jun/msg00025.html That's annoying. > I donât suppose anyone has looked at what it would take to get PostgreSQL > use Secure Transport, right? This is going to put a bit more urgency into the project Heikki had been working on to allow use of more than one SSL implementation. I can't really see us back-porting that, though, which is going to leave things in a fairly nasty place for all pre-9.6 branches ... regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers