Re: Adding support for SE-Linux security
От | KaiGai Kohei |
---|---|
Тема | Re: Adding support for SE-Linux security |
Дата | |
Msg-id | 4B170705.6050402@ak.jp.nec.com обсуждение исходный текст |
Ответ на | Re: Adding support for SE-Linux security (Tom Lane <tgl@sss.pgh.pa.us>) |
Ответы |
Re: Adding support for SE-Linux security
(Andrew Dunstan <andrew@dunslane.net>)
Re: Adding support for SE-Linux security (Ron Mayer <rm_pg@cheapcomplexdevices.com>) |
Список | pgsql-hackers |
Tom Lane wrote: > Josh Berkus <josh@agliodbs.com> writes: >> When GIS was introduced to this list ten years ago it was criticized as >> a marginal feature and huge and intrusive. But today it's probably 40% >> of our user base, and growing far more rapidly than anything else with >> Postgres. Maybe SE will be more like Rules than like GIS in the long >> run, but there's no way for us to know that today. > > What we do know is that GIS could be, and was, successfully developed > outside core Postgres. It didn't need to suck away a major portion of > the effort of the core developers. So it's not a very good analogy. > > In the end this is a debate about what the community should do with its > finite development resources. Maybe, if we build this thing, they will > come and we'll get so much additional contribution that it'll be a win > all around. But somehow, alleged users who won't even decloak enough > to tell us they want it don't seem like likely candidates for becoming > major contributors. > > In words of one syllable: I do not care at all whether the NSA would use > Postgres, if they're not willing to come and help us build it. If we > tried to build it without their input, we'd probably not produce what > they want anyway. I don't know any reputations of NSA in US, except for Hollywood often makes them baddie in movies. However, it is the fact SELinux is already an open source software supported by people and corporations in multiple nations including former communist nations, not only USA and its allied nations. Needless to say, NEC is also a supporter to develop and maintain SE-PgSQL feature. We believe it is a necessity feature to construct secure platform for SaaS/Cloud computing, so my corporation has funded to develop SE-PgSQL for more than two years. As I noted before, if you worried about I escape anyware, it is quite incorrect. Now I've been working to develop and integrate SE-PgSQL in full-time. We can also say SELinux community provides a development resource to other OSS communities. For example, the recent version of Xorg has SELinux support in userspace, such as SE-PgSQL, by the developer who originally worked in SELinux community. SE-PgSQL is a similar case. Anyway, I don't think we should build barrier between communities. Thanks, -- OSS Platform Development Division, NEC KaiGai Kohei <kaigai@ak.jp.nec.com>
В списке pgsql-hackers по дате отправления: