On Fri, Jun 6, 2025 at 9:25 AM Nico Williams <nico@cryptonector.com> wrote:
> I'd expect all subsystems to recover cleanly from unclean shutdowns. I
> know, that's a lot to expect, but nowadays pretty much all filesystems
> used in production do, for example.
I guess, but if we stop cleaning up entirely, we will suddenly be
stressing those code paths... But maybe that's a community service? :)
I realize I'm making an argument from fear and ignorance. Maybe that
ecosystem is very healthy. I'm just imagining the following
conversation:
DBA: we upgraded our server and our HSM is freaking out after a few
thousand connections; what gives?
us: oh, we stopped cleaning up after ourselves for performance! tell
your vendor to fix their drivers!
DBA: hahahaha
[1] is a description of the kind of problem I'm worried about. (It's
not 1:1 applicable to this situation, I just think we might start
seeing those sorts of bug reports.)
> I doubt that PG w/ OpenSSL in any configuration maintains stateful
> interactions with HW cryptographic providers.
(Why? From looking over the Cryptoki/PKCS#11 stuff, for example, isn't
a lot of that API stateful?)
--Jacob
[1] https://github.com/OpenSC/libp11/issues/228#issuecomment-402941378
