| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com>, Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> |
| Cc: | Michael Banck <mbanck(at)gmx(dot)net>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: [PATCH] New predefined role pg_manage_extensions |
| Date: | 2025-03-07 14:33:43 |
| Message-ID: | d735a034fb567b844fb43753d02298da8775ad17.camel@cybertec.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, 2025-03-07 at 09:17 -0500, Robert Haas wrote:
> On Fri, Mar 7, 2025 at 9:02 AM Jelte Fennema-Nio <postgres(at)jeltef(dot)nl> wrote:
> > The reason why I walked back my comment was that cloud providers can
> > simply choose which extensions they actually add to the image. If an
> > extension is marked as not trusted by the author, then with this role
> > they can still choose to add it without having to make changes to the
> > control file if they think it's "secure enough".
>
> Hmm. It would be easy to do dumb things here, but I agree there are
> probably a bunch of debatable cases. Maybe it would be smart if we
> labelled our untrusted extensions somehow with why they're untrusted,
> or documented that.
>
> Why wouldn't the cloud provider just change add 'trusted = true' to
> the relevant control files instead of doing this?
That's quite true. Perhaps the patch should be rejected after all.
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Julien Rouhaud | 2025-03-07 14:34:05 | Re: what's going on with lapwing? |
| Previous Message | Emre Hasegeli | 2025-03-07 14:28:21 | Re: Trivial comment fix for tsquerysend() |