> On Jun 5, 2026, at 23:20, Jacob Champion <[email protected]>
> wrote:
>
> On Fri, Jun 5, 2026 at 7:43 AM Tom Lane <[email protected]> wrote:
>> Also, I don't buy the argument that this is a "leak": if the remote
>> server was willing to send the message to its client, it doesn't think
>> that the message is security-critical.
>
> I don't think the remote gets to decide that, in general. It's up to
> the middle layer to know whether it's operating at the same level of
> trust as the end client.
>
> --Jacob
Thanks to all for the input. It looks like people have different opinions on
this topic. BTW, I realized that my previous wording of "leak" was too strong,
sorry about that.
Here, I think the main concern is that this is an “unintentional" user-visible
behavior change. I went through the original discussion thread [1], and I don't
see this behavior change being explicitly discussed. I am not against Fujii's
idea that emitting a remote WARNING to the client could be helpful, and I also
like Tom's idea of mapping the remote severity to the local log level. But if
we really want to do that, I think we need a dedicated discussion, and that
seems too late for v19. Also, if we eventually decide to change the
client-visible behavior, I think we should document it explicitly.
How about preserving the old client-visible behavior for v19? I can add this
topic to my TODO list and follow up with this work for v20.
[1]
https://postgr.es/m/caldanm2xshpwrtlm-vl_hjcsae3+1y_n-jdear3-suxvqc3...@mail.gmail.com
Best regards,
--
Chao Li (Evan)
HighGo Software Co., Ltd.
https://www.highgo.com/
