From: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Josh Berkus <josh(at)agliodbs(dot)com>, jd(at)commandprompt(dot)com, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Adding support for SE-Linux security |
Date: | 2009-12-08 01:10:31 |
Message-ID: | 4B1DA787.4040603@ak.jp.nec.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Tom Lane wrote:
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
>> On Mon, Dec 7, 2009 at 9:48 AM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>>> I wonder if we should rephrase this as, "How hard will this feature be
>>> to add, and how hard will it be to remove in a few years if we decide we
>>> don't want it?"
>
>> Yes, I think that's the right way to think about it. At a guess, it's
>> two man-months of work to get it in,
>
> It's not the "get it in" part that scares me. The problem I have with
> it is that I see it as a huge time sink for future maintenance problems,
> most of which will be classifiable as security breaches which increases
> the pain of dealing with them immeasurably.
We can clearly say that acception of this feature is equivalent to
getting a new developer to maintain this feature into the community.
It is preferable to change my role in this community; I'd like to perform
as a maintainer of this feature rather than a person who send a large
patch for each commit-fest.
> If I had more confidence that the basic design was right or useful
> I might not be so worried about the maintenance prospects, but frankly
> I have almost no confidence in it. This comes back to the lack of
> involvement of any potential user community.
We should not ignore a fact several commercial database software provides
advanced security options that are partially similar to SE-PgSQL. It allows
them to reach a region where PgSQL has not reached yet, and these features
are supported by an amount of users.
Anyway, it seems to me it is counterproductive to discuss whether the
potential users are larger or smaller, because it is a difficult job
to estimate it correctly, even if we would be experienced marketers.
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2009-12-08 01:17:14 | Re: Exclusion Constraint vs. Constraint Exclusion |
Previous Message | Ashish | 2009-12-08 01:04:58 | Re: Need a mentor, and a project. |