Stephen Frost <sfrost@snowman.net> writes:
> On Friday, August 21, 2015, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> It is not really acceptable to leave roles hanging around after "make
>> installcheck"; that would be a security hazard for the installation.
>> Please drop them.
> The only ones which were left were intentionally all NOLOGIN to address
> that concern, which I had considered. Is there another issue with them
> beyond potential login that I'm missing?
NOLOGIN addresses the most obvious abuse potential, but it hardly seems
like the only risk. And we have never yet intended the main regression
tests to serve as a testbed for "pg_dumpall -g". A bugfix commit is
not the place to start changing that policy.
(If you want to have some testing in this area, perhaps adding roles
during the pg_upgrade test would be a safer place to do it.)
regards, tom lane
