Re: Removing pg_pltemplate and creating "trustable" extensions

Stephen Frost <sfrost(at)snowman(dot)net> writes:
> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>> The patch as I'm proposing it has nothing to do with "CREATE" rights.
>> You're attacking something different from what I actually want to do.

> Yes, as an aside, I'm argueing that we should split up the general
> CREATE privileges, but I also said that's not required for this.

So how do we move this forward? I really don't want this patch to be
blocked by what's fundamentally a side point about permissions.

The minimum committable patch seems like it would just grant the
"can install trusted extensions" ability to DB owners, full stop.
This is small, it's exactly the same as our historical behavior for
trusted PLs, and it's upward compatible with either of two possible
future extensions:

* adding a predefined role (which'd let superusers give out the install
privilege, in addition to DB owners having it)

* converting DB owners' hard-wired privilege to a grantable privilege
(which'd let DB owners give out the install privilege, if the privilege
is attached to the DBs themselves; but maybe there's some other way?)

Given the lack of consensus about either of those being what we want,
it doesn't seem like we're going to come to an agreement in a
reasonable timeframe on a patch that includes either. So I'd like
to get this done and move on to the next problem (ie, what is it
we're actually going to do about the python 2/3 mess).

regards, tom lane