> >I will say that if the community feels external-only should be the only > >option, I will stop working on this feature because I feel the result > >would be too fragile to be reliable, > > I'm do not see why it would be the case. I'm just arguing to have key > management in a separate, possibly suid something-else, process, which given > the security concerns which dictates the feature looks like a must have, or > at least must be possible. From a line count point of view, it should be a > small addition to the current code.
All of this hand-waving really isn't helping.
If it's a small addition to the current code then it'd be fantastic if you'd propose a specific patch which adds what you're suggesting. I don't think either Bruce or I would have any issue with others helping out on this effort, but let's be clear- we need something that *is* part of core PG, even if we have an ability to have other parts exist outside of PG.
