Hi, On 2019-06-21 16:37:16 -0400, Tom Lane wrote: > We do have to get past the compatibility issue though. My thought was > that for a period of N years we could force allow_system_table_dml = on > while running extension scripts, and then cease doing so. This would > give extension authors a reasonable window in which their scripts would > work in either old or new backends. At some point in that time they'd > probably have occasion to make other changes that render their scripts > not backwards compatible, at which point they can insert "SET > allow_system_table_dml = on" so that the script keeps working when we > remove the compatibility hack.
I'd modify this approach by having a allow_system_table_dml level that warns when DDL to system tables is performed, and then set allow_system_table_dml to that when processing extension scripts (and perhaps modify the warning message when creating_extension == true). That way it'd be easier to spot such extension scripts. And I'd personally probably just set allow_system_table_dml to warn when working interactively, just to improve logging etc. > This line of thought leads to the conclusion that we do want > separate "allow_system_table_dml" and "allow_system_table_ddl" > bools. Otherwise, the backwards-compatibility hack would need > to turn on a level of unsafety that extension scripts have *not* > had before and surely shouldn't have by default. +1 Greetings, Andres Freund
