Re: Let people set host(no)ssl settings from initdb

On Mon, Mar 08, 2021 at 06:13:14PM -0500, Andrew Dunstan wrote: > What is the point of doing that if we're going to reject the patch as > discussed upthread? I have read again this thread, and still understand that this is the consensus that has been reached. The CF entry has been updated to refl

Re: Let people set host(no)ssl settings from initdb

On 3/8/21 11:23 AM, Ibrar Ahmed wrote: > > > On Thu, Mar 4, 2021 at 7:25 AM Michael Paquier > wrote: > > On Wed, Mar 03, 2021 at 03:07:30PM +0100, Peter Eisentraut wrote: > > I think there is enough sustained opposition to this patch that > we can mark >

Re: Let people set host(no)ssl settings from initdb

On Thu, Mar 4, 2021 at 7:25 AM Michael Paquier wrote: > On Wed, Mar 03, 2021 at 03:07:30PM +0100, Peter Eisentraut wrote: > > I think there is enough sustained opposition to this patch that we can > mark > > this as rejected in the commitfest. > > +1. > -- > Michael > The patch (v5-0001-Enable-s

Re: Let people set host(no)ssl settings from initdb

On Wed, Mar 03, 2021 at 03:07:30PM +0100, Peter Eisentraut wrote: > I think there is enough sustained opposition to this patch that we can mark > this as rejected in the commitfest. +1. -- Michael signature.asc Description: PGP signature

Re: Let people set host(no)ssl settings from initdb

On 3/3/21 9:07 AM, Peter Eisentraut wrote: On 01.01.21 14:12, Magnus Hagander wrote: That said, I agree with not adding it as an option to initdb. You'll quickly get to the point where you specify the whole pg_hba file on the commandline to initdb -- and most people today who actually care tha

Re: Let people set host(no)ssl settings from initdb

On 01.01.21 14:12, Magnus Hagander wrote: That said, I agree with not adding it as an option to initdb. You'll quickly get to the point where you specify the whole pg_hba file on the commandline to initdb -- and most people today who actually care that much about it would have their pg_hba.conf

Re: Let people set host(no)ssl settings from initdb

On Wed, Dec 30, 2020 at 9:00 PM Tom Lane wrote: > David Fetter writes: > > On Wed, Dec 30, 2020 at 08:24:06PM +0100, David Fetter wrote: > >> On Mon, Sep 07, 2020 at 11:57:58AM +0900, Michael Paquier wrote: > >>> I have looked at the patch of this thread, and I doubt that it is a > >>> good idea

Re: Let people set host(no)ssl settings from initdb

On Wed, Dec 30, 2020 at 03:00:17PM -0500, Tom Lane wrote: > David Fetter writes: > > On Wed, Dec 30, 2020 at 08:24:06PM +0100, David Fetter wrote: > >> On Mon, Sep 07, 2020 at 11:57:58AM +0900, Michael Paquier wrote: > >>> I have looked at the patch of this thread, and I doubt that it is a > >>> g

Re: Let people set host(no)ssl settings from initdb

On Wed, 30 Dec 2020 at 15:00, Tom Lane wrote: > In the third place, > I believe the vast majority of users don't invoke initdb "by hand" > anymore. The typical scenario is to go through a packager-provided > script, which almost certainly won't offer access to these additional > options. I ca

Re: Let people set host(no)ssl settings from initdb

David Fetter writes: > On Wed, Dec 30, 2020 at 08:24:06PM +0100, David Fetter wrote: >> On Mon, Sep 07, 2020 at 11:57:58AM +0900, Michael Paquier wrote: >>> I have looked at the patch of this thread, and I doubt that it is a >>> good idea to put more burden into initdb for that. I agree that >>>

Re: Let people set host(no)ssl settings from initdb

On Wed, Dec 30, 2020 at 08:24:06PM +0100, David Fetter wrote: > On Mon, Sep 07, 2020 at 11:57:58AM +0900, Michael Paquier wrote: > > On Thu, Jul 02, 2020 at 04:02:21PM +0200, Daniel Gustafsson wrote: > > > The CF Patch Tester consider this patch to be malformed and is unable to > > > apply > > > a

Re: Let people set host(no)ssl settings from initdb

On Mon, Sep 07, 2020 at 11:57:58AM +0900, Michael Paquier wrote: > On Thu, Jul 02, 2020 at 04:02:21PM +0200, Daniel Gustafsson wrote: > > The CF Patch Tester consider this patch to be malformed and is unable to > > apply > > and test it. Can you please submit a rebased version? > > I have looked

Re: Let people set host(no)ssl settings from initdb

On Thu, Jul 02, 2020 at 04:02:21PM +0200, Daniel Gustafsson wrote: > The CF Patch Tester consider this patch to be malformed and is unable to apply > and test it. Can you please submit a rebased version? I have looked at the patch of this thread, and I doubt that it is a good idea to put more bur

Re: Let people set host(no)ssl settings from initdb

The CF Patch Tester consider this patch to be malformed and is unable to apply and test it. Can you please submit a rebased version? cheers ./daniel

Re: Let people set host(no)ssl settings from initdb

On Mon, Apr 06, 2020 at 10:12:16PM +, Cary Huang wrote: > The following review has been posted through the commitfest application: > make installcheck-world: tested, passed > Implements feature: tested, passed > Spec compliant: tested, passed > Documentation:tested,

Re: Let people set host(no)ssl settings from initdb

The following review has been posted through the commitfest application: make installcheck-world: tested, passed Implements feature: tested, passed Spec compliant: tested, passed Documentation:tested, passed Hi I applied the patch "v3-0001-Enable-setting-pg_hba.conf-

Re: Let people set host(no)ssl settings from initdb

On Fri, Jan 17, 2020 at 08:47:49PM +0100, David Fetter wrote: > On Wed, Jan 08, 2020 at 02:53:47AM +, tsunakawa.ta...@fujitsu.com wrote: > > From: David Fetter > > > > But I see two problems with the proposed approach: (1) initdb > > > > doesn't support setting up SSL, so the only thing you ca

Re: Let people set host(no)ssl settings from initdb

On Wed, Jan 08, 2020 at 02:53:47AM +, tsunakawa.ta...@fujitsu.com wrote: > From: David Fetter > > > But I see two problems with the proposed approach: (1) initdb > > > doesn't support setting up SSL, so the only thing you can achieve > > > here is to reject all TCP/IP connections, until you ha

RE: Let people set host(no)ssl settings from initdb

From: David Fetter > > But I see two problems with the proposed approach: (1) initdb > > doesn't support setting up SSL, so the only thing you can achieve > > here is to reject all TCP/IP connections, until you have set up SSL. > > I don't believe any special setup is needed to require TLS for th

Re: Let people set host(no)ssl settings from initdb

On Thu, Dec 12, 2019 at 10:47:52AM +0100, Peter Eisentraut wrote: > On 2019-12-12 07:24, David Fetter wrote: > > > That problem exists even before you get to the question of whether > > > this specific option is useful or well-designed ... a question I'm > > > not opining about here, but it would c

Re: Let people set host(no)ssl settings from initdb

On 2019-12-12 07:24, David Fetter wrote: That problem exists even before you get to the question of whether this specific option is useful or well-designed ... a question I'm not opining about here, but it would certainly require thought. I think it was a reasonable extension. We cover lines tha

Re: Let people set host(no)ssl settings from initdb

On Thu, Dec 12, 2019 at 12:23:42AM -0500, Tom Lane wrote: > David Fetter writes: > > I've found myself writing a lot of boilerplate pg_hba.conf entries > > along the lines of > > hostnosslall all 0.0.0.0/0 reject > > hostssl all all 0.0.0.0/0 md5 > > so I

Re: Let people set host(no)ssl settings from initdb

David Fetter writes: > I've found myself writing a lot of boilerplate pg_hba.conf entries > along the lines of > hostnosslall all 0.0.0.0/0 reject > hostssl all all 0.0.0.0/0 md5 > so I thought I'd make it easier to do that from initdb. > What say? I'm p