Hi, On Fri, Mar 07, 2025 at 09:17:46AM -0500, Robert Haas wrote: > Why wouldn't the cloud provider just change add 'trusted = true' to > the relevant control files instead of doing this?
That would be possible, but maybe the cloud provider is using distribution packages and does not want to muck around in the file system (as is usually frowned upon), or, maybe more likely, is using container images based on (what I've seen most of them are) the Debian packages and cannot (or does not want to anyway) muck around in the file system easily. Also, I think there is case to be made that a cloud provider (or site admin) would like to delegate the decision whether users with CREATE rights on a particular database are allowed to install some extensions or not. Or rather, assign somebody they believe would make the right call to do that, by granting pg_manage_extensions. On the other hand, maybe trusted should be part of the catalog and not (just) the extension control file, so that somebody with appropriate permissions (like the cloud provider during instance bootstrap) could do "ALTER EXTENSION foo (SET trusted|TRUSTED);" or whatever. ISTR that I reviewed the discussion around trusted back then and did not see that possiblity discussed at all, but I might be misremembering, it's been a while. Michael
