David P. Quigley wrote:
> Not to start a flame war here about access control models but you gave 3
> different examples one of which I don't think has any means to do
> anything productive here.
You won't be starting a flame war for the same reason some of the
community members are so concerned about this patch. There aren't enough
people familiar with this part of the security field within our database
developer community to even be able to answer fairly basic questions
like the one you just clarified. If you can help bring more qualified
reviewers to bear on that, it would be extremely helpful. I even tried
to organize a meetup between PostgreSQL hackers working in this area and
the security people I knew around here (Baltimore/DC) last year, but
just couldn't find any interested enough to show. Other than a brief
visit on this list from some of the Tresys guys, we haven't seen much
input here beyond that offered by the patch author, who's obviously
qualified but at the end of the day is still only one opinion. He's also
not in a good position to tell other people their ideas are misinformed
either.
--
Greg Smith 2ndQuadrant Baltimore, MD
PostgreSQL Training, Services and Support
greg@2ndQuadrant.com www.2ndQuadrant.com
