| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Removing pg_pltemplate and creating "trustable" extensions |
| Date: | 2020-01-28 20:52:36 |
| Message-ID: | 5544.1580244756@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Stephen Frost <sfrost(at)snowman(dot)net> writes:
> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>> The minimum committable patch seems like it would just grant the
>> "can install trusted extensions" ability to DB owners, full stop.
> If you're alright with making it something a DB owner can do, what is
> the issue with making it part of the CREATE right on the database?
Um, well, people were complaining that it should be a distinct privilege,
which I for one wasn't sold on.
I continue to think that allowing DB owners to decide this is, if not
fundamentally the wrong thing, at least not a feature that anybody has
asked for in the past. The feature *I* want in this area is for the
superuser to be able to decide who's got install privilege. Making
it a DB-level privilege doesn't serve that goal, more the opposite.
Still, if we can compromise by making this part of DB "CREATE" privilege
for the time being, I'm willing to take that compromise. It's certainly
better than failing to get rid of pg_pltemplate.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2020-01-28 20:54:35 | Re: [PATCH] Windows port, fix some resources leaks |
| Previous Message | Robert Haas | 2020-01-28 20:51:54 | Re: BufFileRead() error signalling |