Greetings Michael,

* Michael Paquier (mich...@paquier.xyz) wrote:
> I am still a fan of the whitelist approach as there is no actual point
> in restricting what people can do with Postgres in terms of
> extensibility (relying on tablespace paths for storage plugin looks like
> an important thing to me, and we would close doors with a black list,
> causing warnings to be generated for basically everything which is not
> from heap). What worries me the most is actually the fact that we have
> not heard from the original authors of the pg_verify_checksums what they
> think on the matter and how we ought to do things, because their
> opinion is important. If there is a clear agreement for the direction
> to take, I am of course perfectly fine if the conclusion is the opposite
> of what I think, but a 3vs2, (3vs3 if I count Andres) is kind of hard to
> conclude that we have an actual agreement.

I can understand that we want PostgreSQL to be extensible, but as David pointed out up-thread, what we've actually seen in the wild are cases where random files have mistakenly ended up in the data directory and those have been cases where it's been quite good to have the warnings thrown to indicate that there's been some mistake. I don't think we do our users any service by simply ignoring random files showing up in the data directories. As has been mentioned elsewhere, there's really a 'right' way to do things and allowing PG to be 'extensible' by simply ignoring random files showing up isn't that- if we want PG to be extensible in this way then we need to provide a mechanism for that to happen.

While I'd also like to hear from the authors of pg_verify_checksums as to their thoughts, I'm guessing that they're mostly watching from the sidelines while we discuss and not wanting to end up picking the wrong side. When it comes to what we typically do, at least imv, when there's an impasse or a disagreement of approaches is to actually not move forward with one side of it over what was in place previously.

David, in particular, was certainly involved in the verify checksums work and in the changes for pg_basebackup, having had quite a bit of experience implementing that same mechanism in pgbackrest quite a while before it got into PG proper. That real-world experience with exactly this feature is really quite relevant, imv.

Thanks!

Stephen