From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
---|---|
To: | Joshua Brindle <method(at)manicmethod(dot)com> |
Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Martijn van Oosterhout <kleptog(at)svana(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
Subject: | Re: [PATCH] SE-PgSQL/tiny rev.2193 |
Date: | 2009-07-20 20:10:53 |
Message-ID: | 4A64CF4D.30601@dunslane.net |
Lists: | pgsql-hackers |
Joshua Brindle wrote:
> Peter Eisentraut wrote:
>>
>> When it comes to larger features, this development group has a great deal of
>> experience in implementing existing specifications, even relatively terrible
>> ones like SQL or ODBC or Oracle compatibility. But the expected behavior has
>> to be written down somewhere, endorsed by someone with authority. It can't
>> just be someone's idea. Especially for features that are so complex,
>> esoteric, invasive, and critical for security and performance.
>>
>
> Who do you consider has authority? The security community has as many
> opinions as any other. There are papers written on mandatory access
> controls in rdbms's but they are mostly about multi-level security,
> which SELinux has but primarily uses type enforcement. The SELinux
> community are all on board with KaiGai's object model (the object
> classes and permissions and how they are enforced), there has been
> quite a bit of discussion about them over the years. Trusted RUBIX
> integrated SELinux using the object classes that KaiGai made for
> SEPostgres.
Then document those in a reasonably formal sense. I don't think you can
just say that the implementation is the spec. I should have thought that
such a spec would actually appeal to the security community.
>
>> So I think if you want to get anywhere with this, scrap the code, and start
>> writing a specification. One with references. And then let's consider that
>> one.
>>
>
> Harsh.
>
Yeah, it is a bit. But we're being asked to swallow a fairly large lump,
so don't be surprised if we gag a bit.

I haven't followed the entire history of this patch set closely, but we
have over and over again emphasized the importance of getting community
buy-in before you start coding a large feature, and this is a *very*
large feature. Reviewing the history briefly, it appears that KaiGai
prepared an initial set of patches before ever approaching the Postgres
community with it about 2 years ago. That is to some extent the source
of the friction, I suspect.

I'm also slightly surprised that some of the government and commercial
players in this space aren't speaking up much. I should have thought
this would generate some interest from players as disparate as Red Hat
and the NSA.

cheers

andrew