Andres Freund <andres@anarazel.de> writes:
> There's a number of cases during early startup/auth where we really
> don't want client to get messages.
Right, which we handle at present with ClientAuthInProgress. But
I think it's worth drawing a distinction between "don't send message
to client because of the state we're in" and "don't send this message
to client because it's security-sensitive". The latter is better
handled by annotations attached to specific ereport sites, the former
not.
regards, tom lane