Alvaro Herrera wrote:
> Bruce Momjian wrote:
>
> > True, but think we would like to have all the SQL-level stuff done
> > first, or at least decide we don't want it at the SQL level, before
> > moving forward with adding fine-grained controls.
>
> This makes no sense. We've been sitting for years on the per-row
> privilege stuff, and there haven't been many takers. It doesn't look
> like somebody is going to write it for 8.4, which means delaying the
> inclusion of SE-Pgsql stuff just because that other thing is not done
> does not favor anyone.
Well, does it make sense to add column-level privileges just for
SE-Linux? I don't think that is wise. My logic is to build the lower
levels first (SQL), then the higher levels. If that was done when the
issue was originally suggested months ago it would be done but now. I
don't see the rush to do things backwards just to get SE-Linux
capability in 8.4, but of course that is just my opinion.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
