> On Aug 15, 2018, at 2:57 PM, Bruce Momjian <bruce@xxxxxxxxxx> wrote: > > On Wed, Aug 15, 2018 at 01:52:43PM -0700, Evan Rempel wrote: >> There are just a ton of configuration elements that the DBAs need to decide on and implement that require >> configuration of components that are outside of the database proper. >> >> It was a worthwhile discussion. One needs to trust the data stewards. > > Agreed. I just wish it had a more positive outcome. ;-) Well, it probably elucidated the issues enough that an expert in SELinux could configure a server such that DBAs could not disable logging. Of course, you still have to trust somebody with that configuration, but it is possible to separate responsibilities if you work hard enough at it.
