"qiumingcheng" <qiumingch...@aliyun.com> writes:
> Yes, It's capable of throwing an error(timestamp out of range) , but the
> message "timestamp out of range" is not sensitive information.
Really? Whether that's true at all is a matter of opinion. There's
also the prospect that somebody could determine the value of a
supposedly-unreadable timestamp by seeing how big an interval could
be added to it without overflow. Maybe that's infeasible because of
timestamp_pl_interval not being marked leakproof, but then we're
getting into precisely the sort of conditional-on-other-assumptions
reasoning that we don't want to indulge in.
> Only from this function(timestamp_gt_timestamptz), can it be marked as
> leakproof?
Project policy is that we will not mark a function as leakproof unless
it's evident from the text of the function that it can't throw errors.
I don't see a good argument for making a exception for this one.
regards, tom lane
