Re: [PATCH] SE-PgSQL/tiny rev.2193

From: Joshua Brindle <method(at)manicmethod(dot)com>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Martijn van Oosterhout <kleptog(at)svana(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
Subject: Re: [PATCH] SE-PgSQL/tiny rev.2193
Date: 2009-07-20 19:21:05
Message-ID: 4A64C3A1.4040303@manicmethod.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Peter Eisentraut wrote:
> On Monday 20 July 2009 21:05:38 Joshua Brindle wrote:
>> How many people are you looking for? Is there a number or are you waiting
>> for a good feeling?
>
> In my mind, the number of interested people is relatively uninteresting, as
> long as it is greater than, say, three.
>
> What is lacking here is a written specification.
>
> When it comes to larger features, this development group has a great deal of
> experience in implementing existing specifications, even relatively terrible
> ones like SQL or ODBC or Oracle compatibility. But the expected behavior has
> to be written down somewhere, endorsed by someone with authority. It can't
> just be someone's idea. Especially for features that are so complex,
> esoteric, invasive, and critical for security and performance.
>

Who do you consider has authority? The security community has as many opinions
as any other. There are papers written on mandatory access controls in rdbms's
but they are mostly about multi-level security, which SELinux has but primarily
uses type enforcement. The SELinux community are all on board with KaiGai's
object model (the object classes and permissions and how they are enforced),
there has been quite a bit of discussion about them over the years. Trusted
RUBIX integrated SELinux using the object classes that KaiGai made for SEPostgres.

> So I think if you want to get anywhere with this, scrap the code, and start
> writing a specification. One with references. And then let's consider that
> one.
>

Harsh.

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2009-07-20 19:25:25 Re: [PATCH v4] Avoid manual shift-and-test logic in AllocSetFreeIndex
Previous Message Bruce Momjian 2009-07-20 19:01:36 Re: [GENERAL] pg_migrator not setting values of sequences?