Robert, * Robert Haas (robertmh...@gmail.com) wrote: > On Wed, Jan 25, 2017 at 2:13 PM, Stephen Frost <sfr...@snowman.net> wrote: > > I went over *every* superuser check in the system when I did that work, > > wrote up a long email about why I made the decisions that I did, posted > > it here, had follow-on discussions, all of which lead to the patch which > > ended up going in. > > Link to that email? I went back and looked at that thread and didn't > see anything that looked like a general policy statement to me. But I > may have missed it.
Not sure which thread you were looking at, but this one: https://www.postgresql.org/message-id/20141015052259.GG28859%40tamriel.snowman.net Has a review of all superuser checks in the backend, as noted in the first paragraph ("shown below in a review of the existing superuser checks in the backend"). Later on in that thread, at least in: https://www.postgresql.org/message-id/20160106161302.GP3685%40tamriel.snowman.net In an email to you and Noah: ---------------- The general approach which I've been using for the default roles is that they should grant rights which aren't able to be used to trivially make oneself a superuser. ---------------- My recollection is saying that about 10 times during that period of time, though perhaps I am exaggurating due to it being a rather painful process to get through. > I assume we're > both coming at these issues with the intention of making PostgreSQL > better; Always. > the fact that we don't always agree on everything is probably > inevitable. Agreed. Thanks! Stephen
signature.asc
Description: Digital signature
