| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Chris Browne <cbbrowne(at)acm(dot)org> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Adding support for SE-Linux security |
| Date: | 2009-12-07 17:21:06 |
| Message-ID: | 6756.1260206466@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Chris Browne <cbbrowne(at)acm(dot)org> writes:
> I feel about the same way about this as I did about the adding of
> "native Windows" support; I'm a bit concerned that this could be a
> destabilizing influence. I was wrong back then; the Windows support
> hasn't had the ill effects I was concerned it might have.
That's an interesting analogy. I too am not entirely convinced that
it's a good comparison, but if it is, consider these points:
* The goal of the Windows port was pretty well-defined and easily
tested: "make it work on Windows". The goalposts didn't move except
perhaps when MS came out with new Windows versions.
* We had a *lot* of users available to help flush out problems.
* There wasn't any need to treat bugs as security sensitive, which is
problematic not least because it restricts the free flow of information.
Any one of those points would be good reason to think that getting
SEPostgres to stability will be lots more drawn-out and painful than
getting the Windows port to stability was. With all three pointing in
the same direction, the tea leaves don't look good.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Davis | 2009-12-07 17:40:27 | Re: operator exclusion constraints |
| Previous Message | Heikki Linnakangas | 2009-12-07 17:07:13 | Re: Reading recovery.conf earlier |