Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep)

Peter Eisentraut wrote:
> Aidan Van Dyk wrote:
> > * Robert Haas <robertmhaas(at)gmail(dot)com> [080924 00:15]:
> >
> >> But I do think
> >> it's worthwhile to ask whether it makes sense to introduce a bunch of
> >> features that are only usable to people running SELinux.
> >
> > Actually, I'ld go one stroke farther, and ask:
> > Does it make sense to introduce a bunch of features that are only
> > usable to people *able to write proper SELinux policy sets* (or whatever
> > they are called).
>
> I consider this a valid concern, but given that some people want MAC and
> no one has shown a better way to implement MAC than SELinux, you can
> hardly use that as an objection against this particular patch.

Peter, I am confused how the above statement relates to a posting you
made a week ago:

http://archives.postgresql.org/pgsql-hackers/2008-09/msg01067.php

Now these items are arguably useful and welcome features in their own
right. Unfortunately, this patch has chosen to provide these features in
a way that makes them accessible to the least amount of users. And
moreover, it bunches them all in one feature, while they should really
be available independently.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +