Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Noah Misch <n...@leadboat.com> writes: > > Either of those solutions sounds fine. Like last time, I'll vote for > > explicitly > > verifying leakproofness. > > Yeah, I'm leaning in that direction as well. Other than comparisons > involving strings, it's not clear that we'd gain much from insisting > on leakproofness in general, and it seems like it might be rather a > large burden to put on add-on data types.
While I'd actually like it if we required leakproofness for what we ship, I agree that we shouldn't blindly assume that add-on data types are always leakproof and that then requires that we explicitly verify it. Perhaps an argument can be made that there are some cases where what we ship can't or shouldn't be leakproof for usability but, ideally, those would be relatively rare exceptions that don't impact common use-cases. Thanks! Stephen
signature.asc
Description: PGP signature
