On Mon, Mar 9, 2009 at 4:04 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Robert Haas <robertmhaas@gmail.com> writes:
>> On Mon, Mar 9, 2009 at 1:25 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>> I've been convinced for awhile that the sepostgres project is going
>>> off the rails, and these last couple of exchanges just confirm the fear.
>
>> I'm not sure what you mean by "going off the rails". I think we are
>> still beating our way through what Peter Eisentraut said in one of his
>> first reviews of this patch: SE-PostgreSQL shouldn't implement MAC
>> that isn't a mirror of existing DAC capabilities. If more
>> capabilities are needed, the DAC side of things should be designed and
>> implemented first. Interestingly, Heikki's latest review comments are
>> coming back to exactly this point. So I think we have unanimity that
>> everything that doesn't meet this criterion should be ripped out for
>> now. But I don't see anyone arguing that those capabilities are
>> intrinsically worthless, except possibly you, just that we won't be
>> ready to support them in SE-PostgreSQL until we support them in some
>> more general sense.
>
> I'm not saying that I think the capability is intrinsically worthless.
> What I *am* saying is that I have zero confidence in the current
> development process, ie one guy producing patches without any previous
> design discussion. What's missing is
>
> 1. Community buy-in on the objectives and user-visible semantics.
> 2. High-level review of the proposed implementation method.
> 3. Review of the coding details.
>
> We seem to be starting at #3.
OK, I agree.
> Now it's not really KaiGai-san's fault;
> the fundamental problem IMHO is that no one else is taking very much
> interest in the patch. But that in itself speaks volumes about whether
> we actually want this patch or should accept it.
Are you sure that this isn't just because the original patch was so
enormous? If you're referring to reviewing, it's certainly easier to
find someone willing to review a 100-line patch than it is to find
someone willing to review a 10,000-line patch. But in terms of
potential user feedback, there have been a number of people writing in
about how much they would like to use this feature, and some security
folks have written in with positive comments, too. It also seems to
me that with Heikki's feedback this is rapidly shrinking down to a
project of managable size and scope. I don't think it's there yet,
and maybe it won't get there soon enough to include in 8.4, but it
certainly seems to be moving in the right direction.
...Robert
