On Fri, Mar 7, 2025 at 11:21 AM Tom Lane <t...@sss.pgh.pa.us> wrote: > While I'm all for chipping away at what superuser privilege is > needed for, we have to tread VERY carefully about chipping away > at things that allow any outside-the-database access.
I agree, but I also don't want the security decisions that the core project takes to become irrelevant in practice. It seems like what's starting to happen is that all of the cloud providers end up finding the same issues and working around them in very similar ways and they don't do anything in PostgreSQL itself, I guess because that would require winning an argument on the mailing list. I think that dynamic is bad for us as an open-source project, so I'm trying to be particularly careful about evaluating proposals that smell like "all the cloud providers are already doing this, why don't we maybe just agree that it's needed". I'm not certain that this is such a case, and I'd like to have more information about what the cloud providers are actually doing in this area, but I'm alert to the possibility that it might be the case. -- Robert Haas EDB: http://www.enterprisedb.com
