On Mon, Jun 30, 2014 at 9:39 AM, Stephen Frost <sfr...@snowman.net> wrote: >> I think the fact that pgaudit does X and you think it should do Y is a >> perfect example of why we're nowhere close to being ready to push >> anything into core. We may very well want to do that someday, but not >> yet. > > That's fine- but don't push something in which will make it difficult to > add these capabilities later (and, to be clear, I'm not asking out of > pipe dreams and wishes but rather after having very specific discussions > with users and reviewing documents like NIST 800-53, which is publically > available for anyone to peruse).
I don't think that's a valid objection. If we someday have auditing in core, and if it subsumes what pgaudit does, then whatever interfaces pgaudit implements can be replaced with wrappers around the core functionality, just as we did for text search. But personally, I think this patch deserves to be reviewed on its own merits, and not the extent to which it satisfies your requirements, or those of NIST 800-53. As I said before, I think auditing is a complicated topic and there's no guarantee that one solution will be right for everyone. As long as we keep those solutions out of core, there's no reason that multiple solutions can't coexist; people can pick the one that best meets their requirements. As soon as we start talking about something putting into core, the bar is a lot higher, because we're not going to put two auditing solutions into core, so if we do put one in, it had better be the right thing for everybody. I don't even think we should be considering that at this point; I think the interesting (and under-discussed) question on this thread is whether it even makes sense to put this into contrib. That means we need some review of the patch for what it is, which there hasn't been much of, yet. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers