Re: Proposed patch for key management

> >I will say that if the community feels external-only should be the only
> >option, I will stop working on this feature because I feel the result
> >would be too fragile to be reliable,
>
> I'm do not see why it would be the case. I'm just arguing to have key
> management in a separate, possibly suid something-else, process, which given
> the security concerns which dictates the feature looks like a must have, or
> at least must be possible. From a line count point of view, it should be a
> small addition to the current code.

All of this hand-waving really isn't helping.

If it's a small addition to the current code then it'd be fantastic if
you'd propose a specific patch which adds what you're suggesting.  I
don't think either Bruce or I would have any issue with others helping
out on this effort, but let's be clear- we need something that *is* part
of core PG, even if we have an ability to have other parts exist outside
of PG.