Re: dblink connection security - Mailing list pgsql-patches

From Joe Conway
Subject Re: dblink connection security
Date
Msg-id 4691B02C.6090105@joeconway.com
In response to Re: dblink connection security  (Gregory Stark <stark@enterprisedb.com>)
Responses Re: dblink connection security
Re: dblink connection security
List pgsql-patches
Gregory Stark wrote:
> Consider a scenario like "package <x> uses dblink". Sysadmin follows
> instructions for package <x> and installs dblink. Now package <x>'s
> documentation isn't going to explain the second-order effects and discuss
> restricting who has access to dblink. The sysadmin has no particular interest
> in using dblink himself and probably will never read any dblink docs.
>
> On the other hand if dblink can't be executed by random users then when
> package x tells you to install dblink it will also tell you to grant access to
> the user that package runs as. The sysadmin can consider which users that
> should be.
>

See my last email...

Consider a scenario like "package <x> uses <arbitrary function y in an
untrusted language z>". Exact same concerns arise.

Joe
