[postgis-devel] PSC Vote - Mark postgis, postgis_topology, address_standardizer as trusted
Regina Obe
lr at pcorp.us
Sun Mar 7 12:52:27 PST 2021
Right now I don't think any of our extensions are marked as trusted (except
for postgis_tiger_geocoder which is marked as superuser=false which is a
special use case allowed only for extensions with no C-lib).
That said I was thinking we can safely mark:
postgis
postgis_topology
address_standardizer
postgis_tiger_geocoder
as trusted extensions. This allows non-superusers to install them.
The only issue I see with this -- is I think we might have so hack stuff
that tries to update system tables (like strk's extension update from ANY
and some stuff to make ST_Union parallel safe for older versions).
I suspect these will not fly for non-super users doing updates. That said I
did do a test setting postgis as a trusted extension.
Test: I logged in as a non-super user and installed postgis and ran SELECT
postgis_extensions_upgrade();
Both seemed to work fine. But the upgrade I didn't test going from lower to
higher version, so may fail in some cases.
I would refrain from marking postgis_raster and postgis_sfcgal as trusted
because
1) postgis_raster - does have capability to interact with OS using the
out-db and other modes
2) postgis_sfcgal - cause it's known to have some crashers. Admins can
always mark this as trusted if they want.
Thoughts?
Thanks,
Regina
More information about the postgis-devel
mailing list