Re: PostgreSQL Auditing
| От | Simon Riggs |
|---|---|
| Тема | Re: PostgreSQL Auditing |
| Дата | |
| Msg-id | CANP8+jJUTi2QFi5sEQMYes7TNi37LrRyTBhxHBkOrLvrLzWp1A@mail.gmail.com обсуждение исходный текст |
| Ответ на | PostgreSQL Auditing (Curtis Ruck <curtis.ruck+pgsql.hackers@gmail.com>) |
| Ответы |
Re: PostgreSQL Auditing
(Jim Nasby <Jim.Nasby@BlueTreble.com>)
|
| Список | pgsql-hackers |
On 2 February 2016 at 02:05, Curtis Ruck <curtis.ruck+pgsql.hackers@gmail.com> wrote:
--
Just because auditing isn't sexy sharding, parallel partitioning, creative indexing (BRIN), or hundreds of thousands of transactions a second, doesn't make it any less of a requirement to countless organizations that would like to use postgresql, but find the audit requirement a must have.So, in summary, what would it take to get the core PostgreSQL team to actually let auditing patches into the next version?
I appreciate your frustration, though I'd say you're making a few conceptual leaps in what you've said. I can help with a few answers.
For example, 2ndQuadrant developed the original pgAudit extension and currently provide commercial support for users. So whether this gets included into core PostgreSQL or not, is not the gating factor on whether commercial support is available for open source software.
Security is an important thing round here, which also means that we follow a default-deny approach to new features. So it can take some time to include new features in core. The process is the same whether its sexy or not. I agree it can be frustrating at times though overall we maintain a high throughput of new features into PostgreSQL.
The original version of PgAudit sat in the queue unreviewed for about 7 months, which was a huge factor in it not being accepted into 9.5. We are very short of reviewers and detailed reviews are accepted from any source. So yourself or a colleague could make a difference here and I encourage people with specialist knowledge and passion to take part.
P.S., do you know what sucks, having a highly performant PostGIS database that works great, and being told to move to Oracle or SQL Server (because they have auditing). Even though they charge extra for Geospatial support (seriously?) or when they don't even have geospatial support (10 years ago). My customer would prefer to re-engineer software designed around PostgreSQL and pay the overpriced licenses, than not have auditing. I agree that their cost analysis is probably way off, even 10 years later, my only solution would be to move to Oracle, SQL Server, a NoSQL solution, or pay EnterpriseDB for their 2 year old version that doesn't have all the cool/modern jsonb support.
I agree it sucks when other people make money and you don't. That limits funds available to allocate people on tasks, even when we see them as important. But there are many companies who would be willing to implement solutions or extend open source code for you, allowing that problem to be solved. We don't usually discuss that option here, since this is an engineering list.
Since you've written the email here, I'd ask that you join our community and use your knowledge and passion to make things happen.
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
В списке pgsql-hackers по дате отправления: