Re: Postgres 11 release notes - Mailing list pgsql-hackers
From | Michael Paquier |
---|---|
Subject | Re: Postgres 11 release notes |
Date | |
Msg-id | 20180513064308.GB2481@paquier.xyz |
In response to | Postgres 11 release notes (Bruce Momjian <bruce@momjian.us>) |
List | pgsql-hackers |
On Fri, May 11, 2018 at 11:08:52AM -0400, Bruce Momjian wrote:
> I have committed the first draft of the Postgres 11 release notes. I
> will add more markup soon. You can view the most current version
> here:

Thanks for gathering all the commits in one piece, Bruce.

> I expect a torrent of feedback. ;-)

I looked at the entries where my name shows up. Here is some feedback with HEAD at 8c6227a2 (latest as of writing this message).

    <para>
    Add information_schema columns related to table constraints and triggers (Michael Paquier)
    </para>

The author of this entry is Peter Eisentraut, not me.

    <para>
    Channel binding requires the server end of the <acronym>TLS</acronym> connection to prove that it knows the password. The options are <link linkend="libpq-scram-channel-binding"><option>scram_channel_binding=tls-unique</option></link> and <option>scram_channel_binding=tls-server-end-point</option>.
    </para>

This is not actually correct. Channel binding is an MITM prevention mechanism which makes sure that after the SSL handshake the backend and the frontend are still connected to the same things. "tls-unique" makes sure that a connection is uniquely used using a hash of the TLS finish message, and end-point makes sure that the endpoints are the same using a hash of the server certificate.

    <para>
    WHAT DOES THIS DOC TEXT MEAN? "An empty value specifies that the client will not use channel binding. The default value is tls-unique."
    </para>

This means that the client can choose to not use channel binding (which sends a 'n' flag if you refer to the communication protocol of SCRAM), even if the server has advertised to the client channel binding. So this provides a way to disable the feature at will, an on/off switch if you want. If a v10 libpq tries to connect to a v11 server, then it won't use channel binding automatically. That may be worth adding to the documentation as well.

    <para>
    Allow access to file system functions to be controlled by <command>GRANT</command>/<command>REVOKE</command> permissions, rather than super-user checks (Michael Paquier)
    </para>

Author is Stephen Frost here.

    <para>
    Use <command>GRANT</command>/<command>REVOKE</command> to control access to <link linkend="lo-import"><function>lo_import()</function></link> and <function>lo_export()</function> (Michael Paquier)
    </para>

Tom Lane is a co-author here I think.

    <para>
    Add libpq parameter to allow physical and logical replication connections (Michael Paquier)
    </para>

This commit has just added documentation which was missing and incomplete. I would suggest to remove it from the release notes as no new feature has been added.

    <para>
    Add <link linkend="app-pgreceivewal"><application>pg_receivewal</application></link> option <option>--no-sync</option> to prevent synchronous <acronym>WAL</acronym> writes (Michael Paquier)
    </para>

Perhaps this should be rewritten? --no-sync just disables any fsync calls for WAL segments, which is useful for tests, not recommended for production environments.

    <para>
    Prevent <application>pg_rewind</application> from running as <literal>root</literal> (Magnus Hagander)
    </para>

This one's authorship is actually mine, after a bug I found :)
--
Michael
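Added example, not part of the message above and not PostgreSQL or libpq code: a Python sketch of how the SCRAM channel-binding flag and the c= attribute (RFC 5802, RFC 5929) let the server notice that the TLS endpoint the client saw is not its own. The function names and certificate bytes are constructed for illustration, and SHA-256 is assumed as the tls-server-end-point hash.

```python
import base64
import hashlib
import hmac


def gs2_header(cb_type):
    """GS2 header of the SCRAM client-first-message (RFC 5802).

    'n,,' means the client is not using channel binding (the 'n' flag);
    'p=<type>,,' names the binding type the client is using.
    """
    return f"p={cb_type},," if cb_type else "n,,"


def end_point_data(cert_der):
    # tls-server-end-point binds to a hash of the server certificate.
    # Assumption: SHA-256. RFC 5929 derives the hash from the certificate's
    # signature algorithm and substitutes SHA-256 for MD5 and SHA-1.
    return hashlib.sha256(cert_der).digest()


def c_attribute(cb_type, cb_data=b""):
    """Value of c= in the client-final-message: base64(gs2-header || cbind-data).

    In real SCRAM this attribute is part of the AuthMessage covered by the
    client proof, so it cannot be rewritten in transit without the password.
    """
    raw = gs2_header(cb_type).encode("ascii") + (cb_data if cb_type else b"")
    return base64.b64encode(raw).decode("ascii")


def server_accepts(c_attr, cb_type, server_cb_data):
    """The server recomputes c= from its own view of the TLS connection."""
    return hmac.compare_digest(c_attr, c_attribute(cb_type, server_cb_data))


def demo():
    cb = "tls-server-end-point"
    real_cert = b"constructed bytes: the server's own certificate"
    other_cert = b"constructed bytes: certificate of an interposed endpoint"
    server_view = end_point_data(real_cert)
    return {
        # Client terminated TLS at the real server: both sides hash the same cert.
        "direct": server_accepts(c_attribute(cb, server_view), cb, server_view),
        # Client terminated TLS elsewhere: it hashed a different certificate.
        "relayed": server_accepts(c_attribute(cb, end_point_data(other_cert)), cb, server_view),
        # Empty setting: the client sends only the 'n' flag and no binding data.
        "opt_out": c_attribute(""),
    }


if __name__ == "__main__":
    print(demo())
```
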