The new PostgreSQL 17 make dist
When the PostgreSQL project makes a release, the primary artifact of that is the publication of a source code tarball. That represents the output of all the work that went into the creation of the PostgreSQL software up to the point of the release. The source tarball is then used downstream by packagers to make binary packages (or file system images or installation scripts or similar things), or by some to build the software from source by hand.
The way the tarball creation works is that the person who prepares the release runs make dist on a machine that is specially kept “clean” for that purpose. (This work overlapped with the discovery of the XZ Utils backdoor, which exploited (among other things) exactly this non-reproducible tarball creation process.) There are, of course, various technical and social processes in the PostgreSQL developer community that monitor the integrity of the source code, but there is nothing currently that checks in a computerized, cryptographic way the origin of what goes into the Git repository.
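To make the non-reproducibility concrete, here is an added example (not the PostgreSQL project's make dist, and not from the original article) that packages the same constructed source tree twice, once the ad hoc way and once deterministically, and checks whether the two archives are byte-identical. It assumes GNU tar (for --sort, --mtime and --owner) and gzip -n; the sample tree and the chosen fixed timestamp are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: why an ad hoc tarball depends on the machine that built it,
# and how a deterministic one can be re-created and verified by anyone.
# Assumes GNU tar and gzip; the source tree below is constructed, not real.
set -eu

# Build a small constructed "source tree" so the example runs offline.
make_tree() {
    mkdir -p "$1/src"
    printf 'int main(void){return 0;}\n' > "$1/src/main.c"
    printf 'all:\n\tcc src/main.c\n' > "$1/Makefile"
}

# Naive packaging: file mtimes, uid/gid, directory order and the gzip
# header timestamp all leak into the archive bytes.
naive_dist() {
    (cd "$1" && tar -cf - .) | gzip > "$2"
}

# Deterministic packaging: fixed entry order, fixed mtime (constructed epoch
# value), no real owner/group, and no timestamp or file name in the gzip header.
repro_dist() {
    (cd "$1" && tar --sort=name --mtime='@1704067200' \
        --owner=0 --group=0 --numeric-owner -cf - .) | gzip -n > "$2"
}

# Returns 0 if packaging the same tree twice, with the second run simulating a
# fresh checkout on another machine (new mtimes), yields identical bytes.
check_reproducible() {
    tmp=$(mktemp -d)
    make_tree "$tmp/tree"
    "$1" "$tmp/tree" "$tmp/a.tar.gz"
    sleep 1
    touch "$tmp/tree/src/main.c" "$tmp/tree/Makefile"
    "$1" "$tmp/tree" "$tmp/b.tar.gz"
    if cmp -s "$tmp/a.tar.gz" "$tmp/b.tar.gz"; then rc=0; else rc=1; fi
    rm -rf "$tmp"
    return $rc
}

# Demonstration when run directly.
if check_reproducible naive_dist; then echo "naive: identical"; else echo "naive: differs"; fi
if check_reproducible repro_dist; then echo "deterministic: identical"; else echo "deterministic: differs"; fi
```

A downstream packager who can re-create the deterministic archive from the tagged tree can compare it against the published one, which is exactly the check the ad hoc process does not allow.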