* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > On Friday, August 21, 2015, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> >> It is not really acceptable to leave roles hanging around after "make
> >> installcheck"; that would be a security hazard for the installation.
> >> Please drop them.
>
> > The only ones which were left were intentionally all NOLOGIN to address
> > that concern, which I had considered. Is there another issue with them
> > beyond potential login that I'm missing?
>
> NOLOGIN addresses the most obvious abuse potential, but it hardly seems
> like the only risk. And we have never yet intended the main regression
> tests to serve as a testbed for "pg_dumpall -g". A bugfix commit is
> not the place to start changing that policy.
I've updated the test to drop the roles at the end.
> (If you want to have some testing in this area, perhaps adding roles
> during the pg_upgrade test would be a safer place to do it.)
I'll look into this. The lack of pg_dumpall testing is pretty
concerning, considering how important it is to pg_upgrade.
Thanks!
Stephen
