Re: PostgreSQL Auditing

From: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
To: Michael Banck <michael(dot)banck(at)credativ(dot)de>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: PostgreSQL Auditing
Date: 2016-02-02 16:34:28
Message-ID: 56B0DA94.5040304@commandprompt.com
Lists: pgsql-hackers

On 02/02/2016 08:13 AM, Michael Banck wrote:
> On Tue, Feb 02, 2016 at 07:24:23AM -0800, Joshua D. Drake wrote:
>> PostgreSQL has auditing. It is available now, just not in core. PostGIS
>> isn't available in core either and it seems to do just fine.
>
> I don't really buy that argument. For one, PostGIS has a pretty narrow
> functional use-case (spatial), while auditing is a horizontal use-case
> that could be required for any kind of database usage.

The argument was made specifically for the user because they were using
PostGIS.

>
> Second, PostGIS had 10+ (?) years to build a reputation so that people
> say "if I have to choose between PostGIS and buying Oracle Spatial, of
> course I choose PostGIS", the pgaudit extension does not have that.

True enough but so what? At some point, someone has to use it. Just
because it doesn't have 10 years of experience doesn't mean we should
shove it into core. Those that need it, will use it. My customers (for
example) use what I tell them to use.

> Auditing is a pretty security/enterprisey-related thing that could do
> with the "officially considered to be of the PostgreSQL project standard
> and ready for production" rubber-stamp that tends to go along with most
> end-user/admin-oriented stuff shipped in the tarball.

Which is exactly why I think .Org needs an official "Extensions" project
which would completely eliminate these arguments. A project team
explicitly for vetting extensions.

> I am aware that
> 2nd Quadrant, Crunchy Data and EnterpriseDB (different codebase via
> PPAS) all support their auditing extensions commercially, so that there
> is certainly some form of credibility, but still.

Meh, commercial solutions aren't a consideration here. This is
PostgreSQL not EDB or Crunchy.

Sincerely,

JD

--
Command Prompt, Inc. http://the.postgres.company/
+1-503-667-4564
PostgreSQL Centered full stack support, consulting and development.
Everyone appreciates your honesty, until you are honest with them.
