> On 29 Mar 2022, at 00:40, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> Andres Freund <andres@anarazel.de> writes:
>> On 2022-03-28 23:27:56 +0200, Daniel Gustafsson wrote:
>>> Do you think this potential foot-gun is scary enough to reject this patch?
>>> There are lots of creative ways to cause Nagios alerts from ones database, but
>>> this has the potential to do so with a small bug in userland code. Still, I
>>> kind of like the feature so I'm indecisive.
>
>> It does seem like a huge footgun. But also kinda useful. So I'm really +-0.
>
> An on-login trigger is *necessarily* a foot-gun; I don't see that this
> particular failure mode makes it any worse than it would be anyway.
Agreed.
> There has to be some not-too-difficult-to-use way to bypass a broken
> login trigger. Assuming we are happy with the design for doing that,
> might as well accept the hazards.
The GUC in this patchset seems to be in line with what most in this thread have
preferred, and with that in place (and single-user mode which still works for
this) I think we have that covered.
--
Daniel Gustafsson https://vmware.com/
