Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sZWky-001b0l-4M for pgsql-hackers@arkaria.postgresql.org; Thu, 01 Aug 2024 14:26:15 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1sZWkw-00AXwl-4P for pgsql-hackers@arkaria.postgresql.org; Thu, 01 Aug 2024 14:26:14 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sZWkv-00AXwd-Qx for pgsql-hackers@lists.postgresql.org; Thu, 01 Aug 2024 14:26:13 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sZWkt-002cO9-Js for pgsql-hackers@lists.postgresql.org; Thu, 01 Aug 2024 14:26:13 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 471EQ5Ar3737864; Thu, 1 Aug 2024 10:26:05 -0400 From: Tom Lane To: Joe Conway cc: Laurenz Albe , Robert Haas , Andrew Dunstan , David Rowley , PostgreSQL Hackers Subject: Re: can we mark upper/lower/textlike functions leakproof? In-reply-to: References: <50d3a76e-afaa-44ed-aef5-6fb7f23cccab@dunslane.net> <5bef8bb0-7a50-4bcf-b052-2a12c3cda0f5@joeconway.com> <3416373.1722449026@sss.pgh.pa.us> <70b9e758-1050-4365-9d67-cc826faaf6a9@joeconway.com> <13ec5d8fc5e3c58053a8762634a4921e3387f57d.camel@cybertec.at> Comments: In-reply-to Joe Conway message dated "Thu, 01 Aug 2024 09:54:52 -0400" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <3737862.1722522365.1@sss.pgh.pa.us> Date: Thu, 01 Aug 2024 10:26:05 -0400 Message-ID: <3737863.1722522365@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Joe Conway writes: > On 8/1/24 07:17, Laurenz Albe wrote: >> But what do you tell the users who would not accept that risk? > Document that the option should not be used if that is the case Are you proposing that we invent two levels of leakproofness with different guarantees? That seems like a mess, not least because there are going to be varying opinions about where we should set the bar for the lower level. regards, tom lane