Andrew Sullivan <ajs@crankycanuck.ca> writes:
> On Mon, Jun 25, 2007 at 01:31:52PM -0400, Tom Lane wrote:
>> Why is that better than the initdb-time option we already have?
>> Locking down options earlier rather than later is usually not a win.
> Like I said, I don't actually think it _is_ better. But it would
> solve the problem that some people think it's a bad thing that you
> run superuser-type commands without reading the manual, and then get
> a badly-secured system. (The idea here, incidentally, is not to
> replace the initdb-time option, but to set the default of the initdb
> command.)
But, per previous discussion, the people that would be affected are
only the ones building from source. If they didn't read the manual
for initdb (nor notice the warning it puts out about trust auth),
they *certainly* didn't look for any nonstandard configure options.
The normal build process for any open-source package is
./configuremakesudo make install... now what? OK, time to read the manual ...
regards, tom lane