Re: [COMMITTERS] pgsql: Add pg_audit, an auditing extension

JD,

* Joshua D. Drake (jd(at)commandprompt(dot)com) wrote:
> On 05/27/2015 06:11 PM, Stephen Frost wrote:
> >Thank you for your honest comments and your concern.
> >
> >I sincerely hope you're able to be involved in developing auditing for
> >PostgreSQL in the future, as it is a key requirement in any secure
> >environment.
>
> I think we are overlooking the rather obvious elephant in the room.
> This is an extension. There is no reason for it to be in core.
> Revert the patch, gain independence, the ability to innovate
> mid-cycle and move on to bigger fish.

While I certainly appreciate the support, I don't believe auditing will
be able to work as an extension over the long term and if the community
is unwilling or unable to accept steps in that direction through contrib
modules or even changes to core to improve what we are able to provide
in this area, I have very serious doubts about the willingness of
organizations (particularly those in the financial and government space)
to continue to seek out and support PostgreSQL as a viable open source
alternative to the commerical RDBMS's which have had these capabilities
for years.

I'm, again, not suggesting that a contrib module is going to be a
workable long-term solution for all use-cases, but it would solve quite
a few and would be known to be supported, and to have the support of the
community, if released as part of PostgreSQL. These are extremely
serious organizations who care about the reputation of PostgreSQL and
the community for delivering quality software. I certainly have no
intention to tarnish that in any way as it would be quite detrimental to
myself and the community. If that means reverting a patch of my own, or
one which I have supported, so be it.

Thanks!

Stephen