Robert Haas <robertmhaas@gmail.com> writes:
> I have looked this over a little bit and I guess I don't see why the
> lack of a grand plan for how to organize all of our permissions checks
> ought to keep us from removing this one on the grounds of redundancy.
> We have to attack this problem in small pieces if we're going to make
> any progress, and the pieces aren't going to get any smaller than
> this.
I would turn that argument around: given the lack of a grand plan,
why should we remove this particular check at all? Nobody has argued
that there would be a significant, or even measurable, performance gain.
When and if we do have a plan, we might find ourselves putting this
check back.
Even if you are right in your unsubstantiated hypothesis that this
change will be a subset of any future change that is made with some plan
in mind, I don't see that incremental revisions of the permissions check
placement are a good way to approach the problem. What I fear will
result from that is gaps in permissions checking, depending on what
combination of revisions of core and third-party code happen to get used
in a given installation.
I think we need a plan first, not random patches first.
regards, tom lane