Postgres Pro
Downloads
Home   >   mailing lists

Re: Adding support for SE-Linux security - Mailing list pgsql-hackers

From KaiGai Kohei
Subject Re: Adding support for SE-Linux security
Date
Msg-id 4B1DAB6D.5010600@ak.jp.nec.com
Whole thread Raw
In response to Re: Adding support for SE-Linux security  (Bruce Momjian <bruce@momjian.us>)
List pgsql-hackers
Tree view 
Bruce Momjian wrote:
> Tom Lane wrote:
>> Bruce Momjian <bruce@momjian.us> writes:
>>> Robert Haas wrote:
>>>> Yes, I think that's the right way to think about it.  At a guess, it's
>>>> two man-months of work to get it in, and ripping it out is likely
>>>> technically fairly simple but will probably be politically impossible.
>>> I figure if there is sufficient usage, we will not need to remove it,
>>> and if there isn't, we will have no objections to removing it.
>> That leaves a wide gray area where there are a few people using it but
>> not really enough to justify the support effort.  Even if there are
>> demonstrably no users (which can never be demonstrated in practice),
>> politically it's very hard to rip out a "major feature" --- it makes the
>> project look bad.  So I think the above is Pollyanna-ish nonsense.
> 
> I don't even know what "Pollyanna-ish nonsense" means, and it would be
> better if you used less flowery/inflamitory prose.

Apart from standpoint of the discussion, idiomatic phrases are not
oftern friendly for non-native English speakers.

>> Once we ship a release with SEPostgres in it, we're committed.
> 
> The MS Windows port took 1-2 years to solidify and during the
> solidification period we accepted problems and didn't treat it as a
> major platform.  I think if SE-Linux support is added, there would be a
> similar period where the features is not treated as major while we work
> out any problems.  We might even label it that way.

It also seems to me an realistic attitude.
The first guy needs courage independently from the class of features.
Thus, anybody attend to see case examples in conferences. I don't think
here is no fundamental differences.

> Labeling SE-Postgres as such might minimize the political problems of
> removing it in the future, if that becomes necessary.

For us, the name is not an important issue.
And, I believe our continued contributions in the future shall make it
unnecessary to remove it later.

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>

pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: Exclusion Constraint vs. Constraint Exclusion
Next
From: Simon Riggs
Date:
Subject: Re: WAL format