Re: Adding support for SE-Linux security

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Chad Sellers <csellers(at)tresys(dot)com>, "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>, Josh Berkus <josh(at)agliodbs(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd <jd(at)commandprompt(dot)com>, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-09 06:44:12
Message-ID: 9837222c0912082244g69cb8303j17786112be32a727@mail.gmail.com
Lists: pgsql-hackers

2009/12/9 Bruce Momjian <bruce(at)momjian(dot)us>:
> I frankly think the patch should be thought of as the SE-Linux-specific
> directory files, which KaiGai can maintain, and the other parts, which I
> think I can handle.

I think that's a horribly bad idea.

We have already got a similar issue with ECPG, which clearly stagnates
whenever Michael is busy and doesn't have time to go through the
patches. Because it's "his code", and nobody else knows how to and/or
cares to maintain it. And this is just a single piece of the frontend
that doesn't affect anything else.

If you want to do something similar for sepg, then sepg needs to be
turned into a full plugin system, where the plugin is a completely
separate thing. In which case the plugin can be developed separately,
for example on pgfoundry (and be considered to merge later, if we
want, but not necessarily ever since it has a narrow user base).

I haven't looked at the patch properly for quite a while, but I
imagine turning it into such a plugin is not feasible. Because if it
is, why hasn't this been done already? :) But if it is, perhaps that
is something we should consider, since it lessens the maintenance
burden into "just" the API (which is still a huge burden compared to
many of our APIs, but it is a lot less than what the patch is now)

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
