| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Josh Berkus <josh(at)agliodbs(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd(at)commandprompt(dot)com, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Adding support for SE-Linux security |
| Date: | 2009-12-07 15:55:48 |
| Message-ID: | 4816.1260201348@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On Mon, Dec 7, 2009 at 9:48 AM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>> I wonder if we should rephrase this as, "How hard will this feature be
>> to add, and how hard will it be to remove in a few years if we decide we
>> don't want it?"
> Yes, I think that's the right way to think about it. At a guess, it's
> two man-months of work to get it in,
It's not the "get it in" part that scares me. The problem I have with
it is that I see it as a huge time sink for future maintenance problems,
most of which will be classifiable as security breaches which increases
the pain of dealing with them immeasurably.
If I had more confidence that the basic design was right or useful
I might not be so worried about the maintenance prospects, but frankly
I have almost no confidence in it. This comes back to the lack of
involvement of any potential user community.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dimitri Fontaine | 2009-12-07 15:56:32 | Re: [HACKERS] Installing PL/pgSQL by default |
| Previous Message | Jaime Casanova | 2009-12-07 15:52:18 | Re: [HACKERS] New PostgreSQL Committers |