| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> |
| Cc: | Michael Banck <mbanck(at)gmx(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: [PATCH] New predefined role pg_manage_extensions |
| Date: | 2025-03-07 14:17:46 |
| Message-ID: | CA+TgmoZw-+qLZnFSa-6PvkBVFa2iuJVTarP0EnRUgwBe-47XfA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Mar 7, 2025 at 9:02 AM Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> wrote:
> The reason why I walked back my comment was that cloud providers can
> simply choose which extensions they actually add to the image. If an
> extension is marked as not trusted by the author, then with this role
> they can still choose to add it without having to make changes to the
> control file if they think it's "secure enough".
Hmm. It would be easy to do dumb things here, but I agree there are
probably a bunch of debatable cases. Maybe it would be smart if we
labelled our untrusted extensions somehow with why they're untrusted,
or documented that.
Why wouldn't the cloud provider just change add 'trusted = true' to
the relevant control files instead of doing this?
--
Robert Haas
EDB: http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Aleksander Alekseev | 2025-03-07 14:25:52 | Re: Trivial comment fix for tsquerysend() |
| Previous Message | Robert Haas | 2025-03-07 14:12:57 | Re: Space missing from EXPLAIN output |