From: | Joshua Brindle <method(at)manicmethod(dot)com> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Martijn van Oosterhout <kleptog(at)svana(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
Subject: | Re: [PATCH] SE-PgSQL/tiny rev.2193 |
Date: | 2009-07-20 19:21:05 |
Message-ID: | 4A64C3A1.4040303@manicmethod.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Peter Eisentraut wrote:
> On Monday 20 July 2009 21:05:38 Joshua Brindle wrote:
>> How many people are you looking for? Is there a number or are you waiting
>> for a good feeling?
>
> In my mind, the number of interested people is relatively uninteresting, as
> long as it is greater than, say, three.
>
> What is lacking here is a written specification.
>
> When it comes to larger features, this development group has a great deal of
> experience in implementing existing specifications, even relatively terrible
> ones like SQL or ODBC or Oracle compatibility. But the expected behavior has
> to be written down somewhere, endorsed by someone with authority. It can't
> just be someone's idea. Especially for features that are so complex,
> esoteric, invasive, and critical for security and performance.
>
Who do you consider has authority? The security community has as many opinions
as any other. There are papers written on mandatory access controls in rdbms's
but they are mostly about multi-level security, which SELinux has but primarily
uses type enforcement. The SELinux community are all on board with KaiGai's
object model (the object classes and permissions and how they are enforced),
there has been quite a bit of discussion about them over the years. Trusted
RUBIX integrated SELinux using the object classes that KaiGai made for SEPostgres.
> So I think if you want to get anywhere with this, scrap the code, and start
> writing a specification. One with references. And then let's consider that
> one.
>
Harsh.
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2009-07-20 19:25:25 | Re: [PATCH v4] Avoid manual shift-and-test logic in AllocSetFreeIndex |
Previous Message | Bruce Momjian | 2009-07-20 19:01:36 | Re: [GENERAL] pg_migrator not setting values of sequences? |