Re: 8.4 release planning
Simon Riggs <simon@2ndquadrant.com>
From: Simon Riggs <simon@2ndQuadrant.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Joshua Brindle <method@manicmethod.com>, Ron Mayer <rm_pg@cheapcomplexdevices.com>, Josh Berkus <josh@agliodbs.com>, "Joshua D. Drake" <jd@commandprompt.com>, Robert Haas <robertmhaas@gmail.com>, Merlin Moncure <mmoncure@gmail.com>, "Jonah H. Harris" <jonah.harris@gmail.com>, Gregory Stark <stark@enterprisedb.com>, Bruce Momjian <bruce@momjian.us>, Bernd Helmle <mailings@oopsware.de>, Peter Eisentraut <peter_e@gmx.net>, pgsql-hackers@postgresql.org
Date: 2009-01-27T17:12:22Z
Lists: pgsql-hackers
On Mon, 2009-01-26 at 22:55 -0500, Tom Lane wrote: > Even accepting such a restriction, there's too much code in > core Postgres to let anyone feel very good about keeping the core free > of security leaks I see what you're saying, but we're trying to pass certification, not provide security in all cases. The security policy & its implementation is part of the wall, so its straightforward to say "don't do those things". Since both backups and plugins are not typically managed by unprivileged users, that seems reasonable. (And anyway, they should be using PITR :-). I'd rather see it go in now. It needs to be audited, and it might fail. If we put it in 8.5 and it still fails, we'll be in 8.6, which is far, far away and we shouldn't expect NEC to fund such a long range mission. -- Simon Riggs www.2ndQuadrant.com PostgreSQL Training, Services and Support