> On Apr 1, 2019, at 9:55 AM, Tom Lane <tgl@xxxxxxxxxxxxx> wrote: > > Magnus Hagander <magnus@xxxxxxxxxxxx> writes: >>> On Sat, Mar 30, 2019 at 10:16 PM Tom Lane <tgl@xxxxxxxxxxxxx> wrote: >>> Yeah; this is supposing that there is a security boundary between >>> Postgres superusers and the OS account running the server, which >>> there is not. We could hardly have features like untrusted PLs >>> if we were trying to maintain such a boundary. > >> I wonder if we need to prepare some sort of official response to that. >> I was considering writing up a blog post about it, but maybe we need >> something more official? > > Blog post seems like a good idea. As for an "official" response, > it strikes me that maybe we need better documentation. +1, though I’d want to see if people get noisier about it before we rule out an official response. A blog post from a reputable author who can speak to security should be good enough and we can make noise through our various channels. Jonathan