On Tue, Feb 19, 2008 at 08:37:51PM -0500, Andrew Dunstan wrote:
>
> The way I intended to do it would indeed allow it to be undone simply by
> executing 'drop language plpgsql' in template1.
Why isn't it enough that administrators can do CREATE LANGUAGE plpgsql in
template1?
I think this is completely unneeded, given the ease with which this can be
enabled. It seems to me the source distribution of the code ought to be
minimalist. Moreover, given that the trend in daemons is to turn everything
off by default, just in case, I'm puzzled why we want to do the opposite
here. Note that packagers are in a different boat entirely; I see no reason
why packages might not turn this on by default. But they have a narrower
target of users.
I'd be more persuaded by a convenience package of things to enable by
default that ships with the code, and can be run by the installing party.
We'd at least then have an argument to the security community that we
require explicit administrator action to enable the features.
A
