On 24.05.22 22:58, Nathan Bossart wrote:
> FWIW this was my original thinking. I can choose to build/install
> extensions separately, but when it comes to PL/Tcl and PL/Perl, you've
> got to build the trusted and untrusted stuff at the same time, and the
> untrusted symbols remain even if you remove the control file and
> installation scripts. Of course, this isn't a complete solution for
> removing the ability to do any sort of random file system access, though.
This only makes sense to me if you install directly from the source tree
to your production installation. Presumably, there is usually a
packaging step in between. And you can decide at that point which files
to install or not to install.