Re: Adding support for SE-Linux security

From: Josh Berkus <josh(at)agliodbs(dot)com>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd(at)commandprompt(dot)com, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-02 18:53:46
Message-ID: 4B16B7BA.3000408@agliodbs.com
Lists: pgsql-hackers

Bruce,

> If we decide not to support SE-Linux, it is unlikely we will be adding
> support for any other external security systems because SE-Linux has the
> widest adoption.
>
> I think the big question is whether we are ready to extend Postgres to
> support additional security infrastructures.

PostgreSQL is the most security-conscious of the OSS databases, and is
widely used by certain groups (security software, military, credit card
processing) precisely because of this reputation. These folks, while
unlikely to speak up on -hackers, are interested in new/further security
features; when I was at the Pentagon 2 years ago several people there
from HS were quite interested in SE-Postgres specifically. Further,
I've been mentioning SE-Postgres in my "DB security talk" for the last
18 months and I *always* get a question about it.

So while there might not be vocal proponents for innovative/hard-core
security frameworks on this list currently, I think it will gain us some
new users. Maybe more than we expect.

When GIS was introduced to this list ten years ago it was criticized as
a marginal feature and huge and intrusive. But today it's probably 40%
of our user base, and growing far more rapidly than anything else with
Postgres. Maybe SE will be more like Rules than like GIS in the long
run, but there's no way for us to know that today.

--Josh Berkus
