Re: incorrect pg_dump output due to not handling dropped roles correctly

Stephen Frost <sfrost@snowman.net> writes:
> In particular- should we really be setting default privileges for objects
> that are being created by an extension, at all?  The more I think about it,
> the less I like it, particularly when we start to think about the trusted
> extension work that Tom’s doing.

> In short, I’m leaning towards the argument that this was a missing check in
> the default ACL code to explicitly *not* add default privileges on objects
> that are being created by an extension.  With such a check, the entire
> wouldn’t end up in pg_init_privs and the issue that started this thread
> wouldn’t happen.

Hmm.  I think we'd still wish pg_upgrade to preserve whatever privileges
have been granted on extension objects, but that doesn't necessarily
have to happen through pg_init_privs.  I've forgotten the details ---
would the change you suggest be enough to make upgrade work correctly,
or would we need additional hacking?

            regards, tom lane