2011/9/7 Tom Lane <tgl@sss.pgh.pa.us>:
> Noah Misch <noah@leadboat.com> writes:
>> I liked NOLEAKY for its semantics, though I probably would have spelled it
>> "LEAKPROOF". PostgreSQL will trust the function to implement a specific,
>> relatively-unintuitive security policy. We want the function implementers to
>> read that policy closely and not rely on any intuition they have about the
>> "trusted" term of art. Our use of TRUSTED in CREATE LANGUAGE is more
>> conventional, I think, as is the trusted nature of SECURITY DEFINER. In that
>> vein, folks who actually need SECURITY DEFINER might first look at TRUSTED;
>> NOLEAKY would not attract the same unwarranted attention.
>
> I agree that TRUSTED is a pretty bad choice here because of the high
> probability that people will think it means something else than what
> it really means. LEAKPROOF isn't too bad.
>
It seems to me LEAKPROOF is never confusable for everyone, and
no conflicts with other concept, although it was not in my vocaburary.
If no better idea anymore, I'll submit the patch again; with LEAKPROOF keyword.
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
