Bruce Momjian <bruce@momjian.us> writes:
> Robert Haas wrote:
>> Yes, I think that's the right way to think about it. At a guess, it's
>> two man-months of work to get it in, and ripping it out is likely
>> technically fairly simple but will probably be politically impossible.
> I figure if there is sufficient usage, we will not need to remove it,
> and if there isn't, we will have no objections to removing it.
That leaves a wide gray area where there are a few people using it but
not really enough to justify the support effort. Even if there are
demonstrably no users (which can never be demonstrated in practice),
politically it's very hard to rip out a "major feature" --- it makes the
project look bad. So I think the above is Pollyanna-ish nonsense.
Once we ship a release with SEPostgres in it, we're committed.
> As Alvaro mentioned, the original patch used ACE but it added too much
> code so the community requested its removal from the patch. It could be
> re-added if we have a need.
The main problem I saw with ACE was that it didn't appear to actually
add any flexibility --- it was just an extra layer of function calls
in an entirely SELinux-centric design. In order to have a "pluggable
interface" layer that is worth the electrons it's written on, you need
to start out with more than one target system in mind to be plugged in.
So that would mean, at minimum, investigating something like AppArmor or
TrustedSolaris to see what its needs are before we sit down to design
the plugin layer. (Which, of course, nobody here is actually interested
enough to do. But without that research there is no point in demanding
a plugin layer.)
regards, tom lane
