Re: pl/pgsql enabled by default
From | Neil Conway |
---|---|
Subject | Re: pl/pgsql enabled by default |
Date | |
Msg-id | 427D4DCF.5050808@samurai.com |
In response to | Re: pl/pgsql enabled by default (Andrew Sullivan <ajs@crankycanuck.ca>) |
Responses | Re: pl/pgsql enabled by default |
List | pgsql-hackers |
Andrew Sullivan wrote:
> This is not really analogous, because those are already on

Which is my point: you're suggesting we retrofit a security policy onto PG that does not apply to the vast majority of the base system -- and that if applied would require fundamental changes.

> Indeed. But that doesn't mean that the principle isn't sound for
> both cases. I haven't seen an argument against that yet.

Security (in the limited sense of "disabling features by default") is not free; there is a tradeoff between security and convenience, security and administrative simplicity, and so on. Given that I have yet to see a single substantive argument for pl/pgsql being a security risk that has withstood any scrutiny, I don't see that the "security" side of the tradeoff has a lot of merit.

-Neil