[postgis-devel] 3.0.1 issues report

Brian M Hamlin maplabs at light42.com
Fri Jun 26 09:04:02 PDT 2020


Hi Greg, All -

   as part of OSGeoLive 2020 on Ubuntu Focal, I am working with sethg 
from Mapserver project and noticed the following in the build recipe for 
mapserver Debian packaging:

apt-get install --allow-unauthenticated protobuf-c-compiler libprotobuf-c-dev

This seems to show security vetting on *protobuf* adding a new layer of 
checks to library origin and content at build time.  This apparent trend 
needs to be considered along with PostGIS project goals, to decide on 
what libraries are optional and what are not, in a build.  Personally, I 
consider civilian access to strong computer science a high priority, 
with appropriate disclosure and documentation along with it.

   best regards from Berkeley, California   --Brian M Hamlin / MAPLABS


On 6/26/20 8:52 AM, Greg Troxel wrote:
> rmrodriguez at carto.com writes:
>
>> Please let me know when you've had the chance of testing it. If it
>> works correctly I'll push the fixes to 3.0 and the future 3.1.
> I found the github web interface remarkably difficult in that there was
> no obvious way to download a patch for those commits.  But I added your
> repo as a remote to my clone of the official repo, and ran git diff....
>
> With that applied to the 3.0.1 release, and rerunning autoconf, I was
> able to build without pkg-config, json-c, protobuf-c exposed to the
> build, and 'make check' passed.
>
>>> It might be reasonable to just say 'pkg-config is required', test for
>>> it, and error out if not.
>> I think we still officially support dependencies that didn't use
>> pkg-config (and they started using it), but I think it would
>> indeed make sense to start requiring pkg-config to simplify both the
>> management and errors in different environments.
> I didn't mean to require that all dependencies be found via pkg-config.
> I meant to require pkg-config to be present to build postgis at all.
> Then each dependency can be moved to pkg-config only as that is
> reasonable.
>
>>> I guess it would be nice if README.postgis explained really clearly what
>>> was gained or lost by having it.  (I realize I tend to be particularly
>>> demanding about these sorts of doc/advice things.)
>> I see that README.postgis does mention that protobuf-c is necessary
>> for ST_AsMVT and ST_AsGeoBuf. How would you reword it to make it
>> clearer?
> I guess my request is unreasonable, but I'd like someone who is building
> binaries for others to be able to tell if they should
>
>    1) impose the protobuf dependency on everyone, letting those two
>    functions work, or
>
>    2) omit protobuf, have those functions not work, and have everybody
>    not have the dependency
>
> which is really a question of whether being handed a binary postgis
> install that is missing protobuf is 1) normal or 2) defective.  I'm
> trying to separate "SHOULD have this dependency (but we can build
> without it)" from "this is weird and if you want to do this, add it".
>
> But really you can just tell me which is which.