| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, Chad Sellers <csellers(at)tresys(dot)com>, "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>, Josh Berkus <josh(at)agliodbs(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd <jd(at)commandprompt(dot)com>, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Adding support for SE-Linux security |
| Date: | 2009-12-11 01:41:42 |
| Message-ID: | 603c8f070912101741j4d3bff30m9b0c547b4bdf7a9d@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Dec 10, 2009 at 5:08 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> If I thought that Bruce could go off in a corner and make this happen
> and it would create no demands on anybody but him and KaiGai-san, I
> would say "fine, if that's where you want to spend your time, go for
> it". But even to state that implied claim is to see how false it is.
> Bruce is pointing to the Windows port, but he didn't make it happen
> by himself, or any close approximation of that. Everybody who works
> on this project has been affected by that, and we're *still* putting
> significant amounts of time into Windows compatibility, over five years
> later.
This is also one of my concerns. Bruce has been careful to say that
he will either make this happen himself or find others to help. The
thing is, who are the others, are they people we already trust, and
how do we know whether they'll be around after this is committed? I'm
excited to see Greg Smith getting more involved in dealing with this
patch-set, and I know Stephen Frost did some reviewing as well, but
overall the community support has been pretty limpid. It's probably
impossible to completely eliminate the impact of this feature on the
community, but having a core of involved people - preferably including
several committers - who will maintain it would help a lot. We're not
there yet.
> My guess is that a credible SEPostgres offering will require a long-term
> amount of work at least equal to, and very possibly a good deal more
> than, what it took to make a native Windows port. If SEPostgres could
> bring us even 10% as many new users as the Windows port did, it'd
> probably be a worthwhile use of our resources. But again, that's an
> assumption that's difficult to type without bursting into laughter.
The SEPostgres community is surely a lot smaller than the Windows
community, but I'm not sure whether the effort estimate is accurate or
not. If "credible" includes "row-level security", then I think I
might agree, but right now we're just trying to get off the ground.
...Robert
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2009-12-11 02:21:41 | Re: enable-thread-safety defaults? |
| Previous Message | Andrew Dunstan | 2009-12-11 01:39:54 | Re: YAML Was: CommitFest status/management |