* Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost <sfr...@snowman.net> writes: > > On Friday, August 21, 2015, Tom Lane <t...@sss.pgh.pa.us> wrote: > >> It is not really acceptable to leave roles hanging around after "make > >> installcheck"; that would be a security hazard for the installation. > >> Please drop them. > > > The only ones which were left were intentionally all NOLOGIN to address > > that concern, which I had considered. Is there another issue with them > > beyond potential login that I'm missing? > > NOLOGIN addresses the most obvious abuse potential, but it hardly seems > like the only risk. And we have never yet intended the main regression > tests to serve as a testbed for "pg_dumpall -g". A bugfix commit is > not the place to start changing that policy.
I've updated the test to drop the roles at the end.
> (If you want to have some testing in this area, perhaps adding roles
> during the pg_upgrade test would be a safer place to do it.)
I'll look into this. The lack of pg_dumpall testing is pretty
concerning, considering how important it is to pg_upgrade.
Thanks!
Stephen
signature.asc
Description: Digital signature
