Jim Nasby <Jim.Nasby@BlueTreble.com> writes:
> As for PGXN being an untrusted source, that's something that it's in the
> project's best interest to try and address somehow, perhaps by having
> formally audited extensions. Amazon already has to do this to some
> degree before an extension can be allowed in RDS, and so does Heroku, so
> maybe that would be a starting point.
> I think a big reason Postgres got to where it is today is because of
> it's superior extensibility, and I think continuing to encourage that
> with formal support for things like PGXN is important.
Yeah. Auditing strikes me as a fine example of something for which there
is no *technical* reason to need to put it in core. It might need some
more hooks than we have now, but that's no big deal. In the long run,
we'll be a lot better off if we can address the non-technical factors
that make people want to push such things into the core distribution.
Exactly how we get there, I don't pretend to know.
regards, tom lane