Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tqaVm-007Kvq-Ee for pgsql-hackers@arkaria.postgresql.org; Fri, 07 Mar 2025 16:25:22 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tqaVk-00Al6u-0t for pgsql-hackers@arkaria.postgresql.org; Fri, 07 Mar 2025 16:25:20 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tqaUR-00AgIo-H7 for pgsql-hackers@lists.postgresql.org; Fri, 07 Mar 2025 16:23:59 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1tqaUN-001Wrn-0L for pgsql-hackers@lists.postgresql.org; Fri, 07 Mar 2025 16:23:58 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 527GNpL41021860; Fri, 7 Mar 2025 11:23:51 -0500 From: Tom Lane To: Jelte Fennema-Nio cc: Robert Haas , Michael Banck , PostgreSQL Hackers Subject: Re: [PATCH] New predefined role pg_manage_extensions In-reply-to: References: <65a1524e.050a0220.49266.7670@mx.google.com> Comments: In-reply-to Jelte Fennema-Nio message dated "Fri, 07 Mar 2025 15:02:15 +0100" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <1021858.1741364631.1@sss.pgh.pa.us> Date: Fri, 07 Mar 2025 11:23:51 -0500 Message-ID: <1021859.1741364631@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Jelte Fennema-Nio writes: > The reason why I walked back my comment was that cloud providers can > simply choose which extensions they actually add to the image. If an > extension is marked as not trusted by the author, then with this role > they can still choose to add it without having to make changes to the > control file if they think it's "secure enough". If they think it's "secure enough", they can mark it trusted in their images. Why do we need anything beyond that? regards, tom lane