From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Josh Berkus <josh(at)agliodbs(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd(at)commandprompt(dot)com, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Adding support for SE-Linux security |
Date: | 2009-12-07 15:55:48 |
Message-ID: | 4816.1260201348@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On Mon, Dec 7, 2009 at 9:48 AM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>> I wonder if we should rephrase this as, "How hard will this feature be
>> to add, and how hard will it be to remove in a few years if we decide we
>> don't want it?"
> Yes, I think that's the right way to think about it. At a guess, it's
> two man-months of work to get it in,
It's not the "get it in" part that scares me. The problem I have with
it is that I see it as a huge time sink for future maintenance problems,
most of which will be classifiable as security breaches which increases
the pain of dealing with them immeasurably.
If I had more confidence that the basic design was right or useful
I might not be so worried about the maintenance prospects, but frankly
I have almost no confidence in it. This comes back to the lack of
involvement of any potential user community.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Dimitri Fontaine | 2009-12-07 15:56:32 | Re: [HACKERS] Installing PL/pgSQL by default |
Previous Message | Jaime Casanova | 2009-12-07 15:52:18 | Re: [HACKERS] New PostgreSQL Committers |