Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)

KaiGai Kohei wrote:
> Bruce Momjian wrote:
> > KaiGai Kohei wrote:
> >>>> I don't oppose to elimination of "--disable-row-acl" options, however,
> >>>> it is not clear for me whether it should be unavoidable selection in
> >>>> the future, or not.
> >>> Look at the existing configure options; we don't remove features via
> >>> configure unless it is for some platform-specific reason. Please remove
> >>> the configure option and make it always enabled.
> >> OK, I'll update it in the next patch set.
> >
> > Good. I assume the SQL-row security patch is not testable alone with
> > out the rest of the patches, right?
>
> The minimum requirements are the 1st and 2nd patches.
> The first provides security hooks to PostgreSQL server program, and
> the other provides ones to pg_dump command.
> The 3rd, 4th and 5th are not necessary for the test purpose.

First, let me say you have done an amazing job of producing patches for
us, and your code quality is very high, especially considering the
complexity of this code and your newness to our development process. My
compliments to NEC, your employer.

Also, I personally am excited about this code and what it will add to
Postgres 8.4.

I hate to ask for something else from you, but I am trying to figure out
how we can proceed in reviewing and applying your additions. I am
wondering if you can produce a patch that has the SE-Linux part separate
so I can review the non-SE-Linux parts of the patch alone --- right now
I am not 100% clear on what parts are always active as row-level SQL
security and what needs SE-Linux to operate. I know this is an
additional burden on you and if it is too much to ask, please tell me.

Thanks.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +