From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:470:142:3::10]:49736)
 by lists.gnu.org with esmtp (Exim 4.86_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hg1ZH-0000cZ-II
 for guix-patches@gnu.org; Wed, 26 Jun 2019 02:38:08 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hg1ZE-0000sT-B5
 for guix-patches@gnu.org; Wed, 26 Jun 2019 02:38:05 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:48826)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1hg1ZB-0000qb-Ua
 for guix-patches@gnu.org; Wed, 26 Jun 2019 02:38:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hg1ZB-000362-Oc
 for guix-patches@gnu.org; Wed, 26 Jun 2019 02:38:01 -0400
Subject: [bug#36191] [PATCH] gnu: postgres service: More secure default
 permissions.
Resent-Message-ID: <handler.36191.B36191.156153106911880@debbugs.gnu.org>
From: Giovanni Biscuolo <g@xelera.eu>
In-Reply-To: <874l4dlll0.fsf@gnu.org>
References: <20190613135037.10645-1-rob@vllmrt.net> <874l4dlll0.fsf@gnu.org>
Date: Wed, 26 Jun 2019 08:37:15 +0200
Message-ID: <87zhm44ztw.fsf@roquette.mug.biscuolo.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>, Robert Vollmert <rob@vllmrt.net>
Cc: 36191@debbugs.gnu.org

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Ludovic Court=C3=A8s <ludo@gnu.org> writes:

> Robert Vollmert <rob@vllmrt.net> skribis:
>
>> This changes to 'peer' authentication for local socket connections,
>> and password-based authentication for local network connections.
>>
>> * gnu/services/databases.scm (%default-postgres-hba): Change
>> authentication method.
>
> That sounds reasonable to me.  Chris, WDYT?

It's very reasonable to have such default auth methods for PostgresSQL:
we should apply this patch

Thanks Robert!

[...]

=2D-=20
Giovanni Biscuolo

Xelera IT Infrastructures

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERcxjuFJYydVfNLI5030Op87MORIFAl0TEpwACgkQ030Op87M
ORIcQQ/9HtBhBrQfa1FqdyPnpFAOOx4DHxY2U8KqwAZaZZBtHKiRPSjSwDukhvGh
qzGDXGZSrNugRnrpmF+d6KEaG5lw4IGDXx0Ce+batSBr/Ucguoa4yDoaDNCYmE3R
h0CYNLjCQLVkyBPUvV9CZS7ON/G826Bx8m14E0mA0yFjxHQkH1BkmA/2Pd/K/377
ROqWIJyT4q1ZpcvakK2ymFv9f4l6BlclwvQeAYhyGwDWAGSVb5x/fDC4yMv0TvgK
M8KJxPXkhgPcJef6P5fuVJFwbSGMAkjhkq90rryVBB+OtsyLGkekuq5WZZSiHZ1J
isTkIKdUPs8NSTtiH2mC40sT61U7rSgvBoAlaDytO7gCDIEYa4FfLGT9DEWZO5sb
ByLe68BWh8IQc2vpgnIwfsybgNKKi7WnIkmfx2/+7oYvRzWC3rKE7DTEGlC5ClMR
TZGBRqe0C4zG41NrKPJDUGni7W83j3tf9iKx69BYgc5791mJkN+F3Gtoyz4YmTiq
pV9F2TebXXa2/R6eCPNvjUPsojGLFmb3wCQoxVyxkbOCBbtFHlN/iABALWNtwlnv
1rol4pax5asK9QdUl+P+GWOnEALsYwkKosOjkHpjp6wFfR17lSa2Z2MXl6VzgBlN
Hf3Ilxxbb3ww0dGEa+Cnk9XWwT9RXfo4PkxG6bOi2+LZX5ZBudE=
=5Dtl
-----END PGP SIGNATURE-----
--=-=-=--