On Mon, 2009-03-09 at 20:55 -0400, Tom Lane wrote:
> "Joshua D. Drake" <jd@commandprompt.com> writes:
> > I know we are a little uncomfortable here but KaiGai-San (forgive me if
> > I type that wrong) has proven to be a contributor in his own right,
>
> Perhaps it would help you calibrate the problem if I stated that
> I wouldn't trust a patch for this purpose written by myself, let
> alone somebody who hasn't been hacking the backend for ten years.
> (Where "this purpose" means the type of control KaiGai-san seems
> to hope to enforce, as opposed to just plugging some additional
> constraints into the existing ACL-check routines.)
I think you misunderstand me. I have watched this thread very closely
because it has specific strategic interest. For the record:
* This patch does scare me* With great risk comes great reward
So my question is, if the default is that sepostgres is disabled and can
only be enabled via a compile time option, are your concerns just as
weighty? What about marking the feature "experimental".
./configure --help
--enable-se Enables SE version of PostgreSQL for linux platforms
(experimental)
Yes it would be a break from what we do but it wouldn't hurt us to be
just a "little" bit less stodgy as long as it is done in a responsible
manner.
Sincerely,
Joshua D. Drake
>
> regards, tom lane
>
--
PostgreSQL - XMPP: jdrake@jabber.postgresql.org Consulting, Development, Support, Training 503-667-4564 -
http://www.commandprompt.com/ The PostgreSQL Company, serving since 1997