Re: Updates of SE-PostgreSQL 8.4devel patches (r1704)

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Joshua Brindle <method(at)manicmethod(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, PG Hackers <pgsql-hackers(at)postgresql(dot)org>, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>
Subject: Re: Updates of SE-PostgreSQL 8.4devel patches (r1704)
Date: 2009-03-09 20:04:59
Message-ID: 14545.1236629099@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On Mon, Mar 9, 2009 at 1:25 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> I've been convinced for awhile that the sepostgres project is going
>> off the rails, and these last couple of exchanges just confirm the fear.

> I'm not sure what you mean by "going off the rails". I think we are
> still beating our way through what Peter Eisentraut said in one of his
> first reviews of this patch: SE-PostgreSQL shouldn't implement MAC
> that isn't a mirror of existing DAC capabilities. If more
> capabilities are needed, the DAC side of things should be designed and
> implemented first. Interestingly, Heikki's latest review comments are
> coming back to exactly this point. So I think we have unanimity that
> everything that doesn't meet this criterion should be ripped out for
> now. But I don't see anyone arguing that those capabilities are
> intrinsically worthless, except possibly you, just that we won't be
> ready to support them in SE-PostgreSQL until we support them in some
> more general sense.

I'm not saying that I think the capability is intrinsically worthless.
What I *am* saying is that I have zero confidence in the current
development process, ie one guy producing patches without any previous
design discussion. What's missing is

1. Community buy-in on the objectives and user-visible semantics.
2. High-level review of the proposed implementation method.
3. Review of the coding details.

We seem to be starting at #3. Now it's not really KaiGai-san's fault;
the fundamental problem IMHO is that no one else is taking very much
interest in the patch. But that in itself speaks volumes about whether
we actually want this patch or should accept it.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2009-03-09 20:22:12 Re: Updates of SE-PostgreSQL 8.4devel patches (r1704)
Previous Message Magnus Hagander 2009-03-09 20:04:37 Re: One less footgun: removing pg_dump -d