OK, got it. Thank you very much.
------------------------------------------------------------------
发件人:Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
发送时间:2022年10月18日(星期二) 00:27
收件人:qiumingcheng <qiumingcheng(at)aliyun(dot)com>
抄 送:Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>; Julien Rouhaud <rjuju123(at)gmail(dot)com>; pgsql-general <pgsql-general(at)lists(dot)postgresql(dot)org>; yuexingzhi <yuexingzhi(at)hotmail(dot)com>
主 题:Re: 回复:回复:回复:回复:A question about leakproof
"qiumingcheng" <qiumingcheng(at)aliyun(dot)com> writes:
> Yes, It's capable of throwing an error(timestamp out of range) , but the
> message "timestamp out of range" is not sensitive information.
Really? Whether that's true at all is a matter of opinion. There's
also the prospect that somebody could determine the value of a
supposedly-unreadable timestamp by seeing how big an interval could
be added to it without overflow. Maybe that's infeasible because of
timestamp_pl_interval not being marked leakproof, but then we're
getting into precisely the sort of conditional-on-other-assumptions
reasoning that we don't want to indulge in.
> Only from this function(timestamp_gt_timestamptz), can it be marked as leakproof?
Project policy is that we will not mark a function as leakproof unless
it's evident from the text of the function that it can't throw errors.
I don't see a good argument for making a exception for this one.
regards, tom lane