Date: Sun, 15 Mar 2015 01:24:16 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 198588] databases/postgresql94-server default dependency on libxml2
Message-ID: <bug-198588-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198588

Bug ID: 198588
Summary: databases/postgresql94-server default dependency on libxml2
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: pgsql@FreeBSD.org
Reporter: mij@bitchx.it
Assignee: pgsql@FreeBSD.org
Flags: maintainer-feedback?(pgsql@FreeBSD.org)

Hello folks,

Thanks for maintaining PostgreSQL so efficiently on FreeBSD!

The port's default config is to have "XML" enabled by default. This adds a
dependency to libxml2, one of the ports with the worst security history [1].

This has 3 consequences:

* bigger maintenance burden -- rebuilding the DBMS upon any libxml2
  vulnerability, i.e. multiple/many times per year
* lower uptime -- restarting the DBMS for every rebuild
* lower security in default installation -- postgresql insecure when libxml2 is

The vanilla distribution of PostgreSQL has this disabled by default itself.

I open for discussion if this default build option is worth maintaining. Do the
majority of users make use of it? If not, I suggest making it off.

cheers
michele

[1] https://web.nvd.nist.gov/view/vuln/search-results?query=libxml2&search_type=last3years&cves=on

--
You are receiving this mail because:
You are the assignee for the bug.