From: Tom Lane on
Stefan Kaltenbrunner <stefan(a)kaltenbrunner.cc> writes:
> Peter Eisentraut wrote:
>> On Wednesday, 15 August 2007 04:20, Tom Lane wrote:
>>> we should at least log such commands, and maybe disallow to anyone
>>> except Marc's "pgsql" account.
>>
>> I don't think we should disallow it. Or otherwise we might one day be stuck
>> if we need to release while some specific person is on vacation.

> Is this really a problem in practice?

I'd be happy if such commands got reported to the pgsql-committers
mailing list. The real problem with this mistake is not so much
that it was made as that we had to do detective work to find out.

regards, tom lane


From: "Marc G. Fournier" on
--On Wednesday, August 15, 2007 12:11:35 +0200 Peter Eisentraut
<peter_e(a)gmx.net> wrote:

> On Wednesday, 15 August 2007 04:20, Tom Lane wrote:
>> we should at least log such commands, and maybe disallow to anyone
>> except Marc's "pgsql" account.
>
> I don't think we should disallow it. Or otherwise we might one day be stuck
> if we need to release while some specific person is on vacation.

This isn't a big issue ... note that the 'restriction' is easy to remove ...
you check out CVSROOT, modify taginfo and comment out the ALL line and check
that in ...

What this will prevent is an 'accidental tagging' ... you would have to
consciously remove the restriction ... but it's something anyone could do ...

> I never understood why tagging uses a special account anyway. It should be
> done as the person doing the tagging.

Agreed, I'm going to start doing it as myself from now on ... I'm not even 100%
certain *why* I started doing it as pgsql in the first place ...


----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email . scrappy(a)hub.org MSN . scrappy(a)hub.org
Yahoo . yscrappy Skype: hub.org ICQ . 7615664
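
A taginfo hook along the lines discussed in this thread, as an added example that is not part of any message and not the PostgreSQL project's actual CVSROOT configuration: it records every tag attempt (the logging Tom Lane asks for) and refuses the operation unless the invoking user is on an allow list (a variation on the block-everyone `ALL` line Marc describes). The script path, log path, `TAG_*` variables and user names are assumptions.

```shell
#!/bin/sh
# Hypothetical taginfo hook (added example, not the project's own script).
# CVS runs the command named on a matching CVSROOT/taginfo line as:
#   <command> tagname operation repository [file revision ...]
# where operation is add (cvs tag), mov (cvs tag -F) or del (cvs tag -d).
# A non-zero exit status makes CVS abort the tag operation.
#
# Assumed wiring in CVSROOT/taginfo (placeholder path):
#   ALL /path/to/tag_guard.sh

TAG_LOG="${TAG_LOG:-/tmp/cvs-tag-audit.log}"  # assumed audit log location
TAG_ALLOW="${TAG_ALLOW:-}"                     # assumed: space-separated users allowed to tag

tag_guard() {
    [ "$#" -ge 3 ] || { echo "usage: tagname operation repository [file rev ...]" >&2; return 2; }
    tag="$1"; op="$2"; repo="$3"
    shift 3
    nfiles=$(( $# / 2 ))                       # remaining args are file/revision pairs
    # Assumption: the committer's login name is available in LOGNAME;
    # TAG_USER overrides it so the function can be exercised by hand.
    user="${TAG_USER:-${LOGNAME:-unknown}}"

    verdict=DENIED
    for u in $TAG_ALLOW; do
        if [ "$u" = "$user" ]; then verdict=ALLOWED; fi
    done

    # Log every attempt, allowed or not, so a stray tag never needs
    # detective work. The same line could be piped to a mailer instead.
    printf '%s user=%s op=%s tag=%s repo=%s files=%s %s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$user" "$op" "$tag" "$repo" \
        "$nfiles" "$verdict" >> "$TAG_LOG"

    [ "$verdict" = ALLOWED ]
}

# When run by CVS the arguments are present; exit non-zero to veto the tag.
if [ "$#" -gt 0 ]; then
    tag_guard "$@" || exit 1
fi
```

Because the hook lives in CVSROOT, anyone with commit access to CVSROOT can still lift the restriction deliberately; the log line is what makes that visible.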

From: Magnus Hagander on
Marc G. Fournier wrote:
>
>
> --On Wednesday, August 15, 2007 12:11:35 +0200 Peter Eisentraut
> <peter_e(a)gmx.net> wrote:
>
>> On Wednesday, 15 August 2007 04:20, Tom Lane wrote:
>>> we should at least log such commands, and maybe disallow to anyone
>>> except Marc's "pgsql" account.
>> I don't think we should disallow it. Or otherwise we might one day be stuck
>> if we need to release while some specific person is on vacation.
>
> This isn't a big issue ... note that the 'restriction' is easy to remove ...
> you check out CVSROOT, modify taginfo and comment out the ALL line and check
> that in ...
>
> What this will prevent is an 'accidental tagging' ... you would have to
> consciously remove the restriction ... but it's something anyone could do ...
>
>> I never understood why tagging uses a special account anyway. It should be
>> done as the person doing the tagging.
>
> Agreed, I'm going to start doing it as myself from now on ... I'm not even 100%
> certain *why* I started doing it as pgsql in the first place ...

If you're doing that, we should probably just delete the pgsql userid
from the system? Or at least change it so it doesn't have 'dev'
permissions. That way you can't do it wrong in that direction ;-)
Seems reasonable?

//Magnus


From: "Marc G. Fournier" on
--On Wednesday, August 15, 2007 20:57:14 +0200 Magnus Hagander
<magnus(a)hagander.net> wrote:

> Marc G. Fournier wrote:
>>
>>
>> --On Wednesday, August 15, 2007 12:11:35 +0200 Peter Eisentraut
>> <peter_e(a)gmx.net> wrote:
>>
>>> On Wednesday, 15 August 2007 04:20, Tom Lane wrote:
>>>> we should at least log such commands, and maybe disallow to anyone
>>>> except Marc's "pgsql" account.
>>> I don't think we should disallow it. Or otherwise we might one day be stuck
>>> if we need to release while some specific person is on vacation.
>>
>> This isn't a big issue ... note that the 'restriction' is easy to remove
>> ... you check out CVSROOT, modify taginfo and comment out the ALL line and
>> check that in ...
>>
>> What this will prevent is an 'accidental tagging' ... you would have to
>> consciously remove the restriction ... but it's something anyone could do ...
>>
>>> I never understood why tagging uses a special account anyway. It should be
>>> done as the person doing the tagging.
>>
>> Agreed, I'm going to start doing it as myself from now on ... I'm not even
>> 100% certain *why* I started doing it as pgsql in the first place ...
>
> If you're doing that, we should probably just delete the pgsql userid
> from the system? Or at least change it so it doesn't have 'dev'
> permissions. That way you can't do it wrong in that direction ;-)
> Seems reasonable?

there is no pgsql user *on* cvs.postgresql.org, at least there wasn't when I
logged on last night:

cvs# grep pgsql /etc/passwd
cvs#

----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email . scrappy(a)hub.org MSN . scrappy(a)hub.org
Yahoo . yscrappy Skype: hub.org ICQ . 7615664

From: Magnus Hagander on
Marc G. Fournier wrote:
>> If you're doing that, we should probably just delete the pgsql userid
>> from the system? Or at least change it so it doesn't have 'dev'
>> permissions. That way you can't do it wrong in that direction ;-)
>> Seems reasonable?
>
> there is no pgsql user *on* cvs.postgresql.org, at least there wasn't when I
> logged on last night:
>
> cvs# grep pgsql /etc/passwd
> cvs#

Ah, seems I was faster than I expected myself :-) Problem solved then.

//Magnus
