[postgis-devel] PSC Vote - Mark postgis, postgis_topology, address_standardizer as trusted

Greg Troxel gdt at lexort.com
Mon Mar 8 05:29:20 PST 2021


"Regina Obe" <lr at pcorp.us> writes:

> I suspect these will not fly for non-super users doing updates.  That said I
> did do a test setting postgis as a trusted extension.
> Test: I logged in as a non-super user and installed postgis and ran  SELECT
> postgis_extensions_upgrade();
>
> Both seemed to work fine.  But the upgrade I didn't test going from lower to
> higher version, so may fail in some cases.

I'm not really following this.  You did an update, and it was ok, but
you think if you did a different (also legitimate) kind of update, it
would fail?

I don't think things should be marked for regular users to install
unless there is confidence that the entire install/update chain will
work and will continue to work in the future.  It should be added to
regression tests if not already.  Do our tests have the notion of being
able to be run as a non-superuser and validating this?  How do we manage
testing the things that aren't, also, in an automated way?

In other words, marking it trusted creates requirements on future
changes.   I'm not sure if that's a good tradeoff.  (I really mean I
don't know; that's not meant to be backnhaded criticism of the idea.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/postgis-devel/attachments/20210308/f97ab9e3/attachment.sig>


More information about the postgis-devel mailing list