I'm sorry to interrupt you, but I feel strong sympathy with Stephen-san.
From: "Robert Haas" <robertmh...@gmail.com>
I don't think that's a valid objection. If we someday have auditing in core, and if it subsumes what pgaudit does, then whatever interfaces pgaudit implements can be replaced with wrappers around the core functionality, just as we did for text search.
Won't it be burden and a headache to maintain pgaudit code when it becomes obsolete in the near future?
But personally, I think this patch deserves to be reviewed on its own merits, and not the extent to which it satisfies your requirements, or those of NIST 800-53. As I said before, I think auditing is a complicated topic and there's no guarantee that one solution will be right for everyone. As long as we keep those solutions out of core, there's no reason that multiple solutions can't coexist; people can pick the one that best meets their requirements. As soon as we start talking about something putting into core, the bar is a lot higher, because we're not going to put two auditing solutions into core, so if we do put one in, it had better be the right thing for everybody. I don't even think we should be considering that at this point; I think the interesting (and under-discussed) question on this thread is whether it even makes sense to put this into contrib. That means we need some review of the patch for what it is, which there hasn't been much of, yet.
Then, what is this auditing capability for? I don't know whether various regulations place so different requirements on auditing, but how about targeting some real requirements? What would make many people happy? PCI DSS?
I bet Japanese customers are severe from my experience, and I'm afraid they would be disappointed if PostgreSQL provides auditing functionality which does not conform to any real regulations like PCI DSS, NIST, etc, now that other major vendors provide auditing for years. They wouldn't want to customize contrib code because DBMS development is difficult. I wish for in-core serious auditing functionality.
Regards MauMau -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
