Re: pgaudit - an auditing extension for PostgreSQL

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Abhijit Menon-Sen <ams(at)2ndQuadrant(dot)com>
Cc: Simon Riggs <simon(at)2ndQuadrant(dot)com>, Yeb Havinga <yebhavinga(at)gmail(dot)com>, Jim Nasby <Jim(dot)Nasby(at)bluetreble(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, MauMau <maumau307(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org, Fabrízio de Royes Mello <fabriziomello(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Ian Barwick <ian(at)2ndquadrant(dot)com>
Subject: Re: pgaudit - an auditing extension for PostgreSQL
Date: 2015-02-18 13:52:16
Message-ID: 20150218135216.GQ6717@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Abhijit,

* Abhijit Menon-Sen (ams(at)2ndQuadrant(dot)com) wrote:
> At 2015-02-17 13:01:46 -0500, sfrost(at)snowman(dot)net wrote:
> > I have to admit that I'm confused by this. Patches don't stabilise
> > through sitting in the archives, they stabilise when the comments are
> > being addressed, the patch updated, and further comments are
> > addressing less important issues. The issues which Robert and I had
> > both commented on didn't appear to be getting addressed.
>
> I'm confused and unhappy about your characterisation of the state of
> this patch. You make it seem as though there was broad consensus about
> the changes that were needed, and that I left the patch sitting in the
> archives for a long time without addressing important issues.

The specific issue which I was referring to there was the #ifdef's for
the deparse branch. I thought it was pretty clear, based on the
feedback from multiple people, that all of that really needed to be
taken out as we don't commit code to the main repo which has such
external dependencies. That wasn't meant as a characterization of the
patch itself but rather a comment on the state of the process and that
I, at least, had been hoping for a new version which addressed those
bits.

> You revised and refined your GRANT proposal in stages, and I tried to
> adapt the code to suit. I'm sorry that my efforts were not fast enough
> or responsive enough to make you feel that progress was being made. But
> nobody else commented in detail on the GRANT changes except to express
> general misgivings, and nobody else even disagreed when I inferred, in
> light of the lack of consensus that Robert pointed out, that the code
> was unlikely to make it into 9.5.

Progress was being made and I certainly appreciate your efforts. I
don't think anyone would want to stand up and say it's going to be in
9.5 or not be in 9.5 which is likely why you didn't get any reaction
from your comment about it being unlikely. I'm certainly hopeful that
something gets in along these lines as it's a pretty big capability that
we're currently missing.

> Given that I've maintained the code over the past year despite its being
> rejected in an earlier CF, and given the circumstances outlined above, I
> do not think it's reasonable to conclude after a couple of weeks without
> a new version that it was abandoned. As I had mentioned earlier, there
> are people who already use pgaudit as-is, and complain if I break it.

For my part, at least, I didn't intend to characterize it as abandoned
but rather that it simply didn't seem to be moving forward, perhaps due
to a lack of time to work on it or other priorities; I didn't mean to
imply that you wouldn't be continuing to maintain it. As for the
comment about people depending on it, I'm not sure what that's getting
at, but I don't think that's really a consideration for us as it relates
to having a contrib module to provide this capability. We certainly
want to consider what capabilities users are looking for and make sure
we cover those cases, if possible, but this is at a development stage
with regard to core and therefore things may break for existing users.

If that's an issue for your users then it would probably be good to have
a clean distinction between the stable code you're providing to them for
auditing and what's being submitted for inclusion in core, with an
expectation that users will need to make some changes when they switch
to the version which is included in core.

> Anyway, I guess there is no such thing as a constructive history
> discussion, so I'll drop it.

It's not my intent to continue this as I certainly agree that it seems
unlikely to be a constructive use of time, but I wanted to reply and
clarify that it wasn't my intent to characterize pgaudit as abandoned
and to apologize for my comments coming across that way.

Thanks!

Stephen

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Syed, Rahila 2015-02-18 14:23:10 Re: [REVIEW] Re: Compression of full-page-writes
Previous Message Kevin Grittner 2015-02-18 13:36:46 Re: postgres_fdw foreign keys with default sequence