Home > mailing lists

Re: [PATCH] New predefined role pg_manage_extensions - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: [PATCH] New predefined role pg_manage_extensions
Date	March 7 17:17:46
Msg-id	CA+TgmoZw-+qLZnFSa-6PvkBVFa2iuJVTarP0EnRUgwBe-47XfA@mail.gmail.com Whole thread Raw
In response to	Re: [PATCH] New predefined role pg_manage_extensions (Jelte Fennema-Nio <postgres@jeltef.nl>)
Responses	Re: [PATCH] New predefined role pg_manage_extensions Re: [PATCH] New predefined role pg_manage_extensions
List	pgsql-hackers

Tree view

On Fri, Mar 7, 2025 at 9:02 AM Jelte Fennema-Nio <postgres@jeltef.nl> wrote:
> The reason why I walked back my comment was that cloud providers can
> simply choose which extensions they actually add to the image. If an
> extension is marked as not trusted by the author, then with this role
> they can still choose to add it without having to make changes to the
> control file if they think it's "secure enough".

Hmm. It would be easy to do dumb things here, but I agree there are
probably a bunch of debatable cases. Maybe it would be smart if we
labelled our untrusted extensions somehow with why they're untrusted,
or documented that.

Why wouldn't the cloud provider just change add 'trusted = true' to
the relevant control files instead of doing this?

--
Robert Haas
EDB: http://www.enterprisedb.com

pgsql-hackers by date:

From: Robert Haas
Date: 07 March, 17:12:57
Subject: Re: Space missing from EXPLAIN output

From: Aleksander Alekseev
Date: 07 March, 17:25:52
Subject: Re: Trivial comment fix for tsquerysend()

Re: [PATCH] New predefined role pg_manage_extensions - Mailing list pgsql-hackers

Previous

Next