Re: PostgreSQL Audit Extension

Jim Nasby <Jim.Nasby@BlueTreble.com> writes:
> As for PGXN being an untrusted source, that's something that it's in the 
> project's best interest to try and address somehow, perhaps by having 
> formally audited extensions. Amazon already has to do this to some 
> degree before an extension can be allowed in RDS, and so does Heroku, so 
> maybe that would be a starting point.

> I think a big reason Postgres got to where it is today is because of 
> it's superior extensibility, and I think continuing to encourage that 
> with formal support for things like PGXN is important.

Yeah.  Auditing strikes me as a fine example of something for which there
is no *technical* reason to need to put it in core.  It might need some
more hooks than we have now, but that's no big deal.  In the long run,
we'll be a lot better off if we can address the non-technical factors
that make people want to push such things into the core distribution.

Exactly how we get there, I don't pretend to know.
        regards, tom lane