Re: rest of works for security providers in v9.1

2010/12/12 KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>:
> I'd like to see opinions what facilities should be developed
> to the current v9.1 development cycle.

It seems to me that the next commit after the label-switcher-function
patch ought to be a contrib module that implements a basic form of
SE-Linux driven permissions checking. I'm pretty unexcited about
continuing to add additional facilities that could be used by a
hypothetical module without actually seeing that module, and I think
that the label-switcher-function patch is the last piece of core
infrastructure that is a hard requirement rather than "nice to have".
I'd rather have a complete feature with limited capabilities than
half a feature with really awesome capabilities.

I suspect that getting fine-grained DDL permissions into PostgreSQL
9.1 is not going to happen. There is a significant amount of
complexity there and we are getting short on time. It took us three
CommitFests to work through the plan we discussed at PGCon, and this
isn't so much simpler that I expect to be able to do it in one. Of
course, how you want to spend your time is up to you, but count me as
a strong vote for postponing this work to 9.2, when there will be
ample time to give it the care and attention it needs.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company