Re: 8.4 release planning
| От | Jonah H. Harris |
|---|---|
| Тема | Re: 8.4 release planning |
| Дата | |
| Msg-id | 36e682920901280541n4c7668a8jaf08aec1b0472d5e@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: 8.4 release planning (Peter Eisentraut <peter_e@gmx.net>) |
| Список | pgsql-hackers |
<div class="gmail_quote">On Wed, Jan 28, 2009 at 4:28 AM, Peter Eisentraut <span dir="ltr"><<a href="mailto:peter_e@gmx.net">peter_e@gmx.net</a>></span>wrote:<br /><blockquote class="gmail_quote" style="border-left:1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">GregSmith wrote:<br /><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin:0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> PostgreSQL advocacy point, one of the questions Tom asked about a bit upthreadis still a bit hazy here. There are commercial database offerings selling into the "trusted" space already. Whilethe use-cases you describe make perfect sense, I don't think it's clear to everyone yet if there's a unique draw toa PostgreSQL + selinux solution that the class of customers you're talking about would prefer it to purchasing one of thoseproducts. Is the cost savings the main driver here, or is there something else about a secure LAPP stack that makesit particularly compelling?<br /></blockquote><br /></div> According to the data available to me, it is a combinationof doing it better than the other guys (e.g., a SELinux type interface instead of something handcrafted) and theusual cost savings.<br /></blockquote></div><br />I don't know about better, but I would definitely say that it's a moreintegrated (with the OS) solution. Can you get Oracle to use SELinux policies? Sure. But it would take a combinationof Label Security, Fine Grained Access Control tweaks, custom C functions, and custom policies to handle the accesscontrol. And, it would cost a helluva lot of money.<br /><br />In short, this would make Postgres quite a bit moreappetizing to those who need this functionality, those who prefer SELinux-based policies, and those who don't have thetime/money to do it in systems like Oracle. How many people is that? Based on my consulting experience and questionsfrom DoD/DoE people specifically, I think the number of people needing this feature is fairly small right now. But, it wouldn't hurt us to have it.<br clear="all" /><br />Just to make it clear, this feature wouldn't make Postgresa "trusted" database in any certification sense. So, using that term would likely cause confusion and get peoplewho used it thinking it had an EAL certification into trouble.<br /><br />-- <br />Jonah H. Harris, Senior DBA<br />myYearbook.com<br/><br />
В списке pgsql-hackers по дате отправления: