Re: Adding support for SE-Linux security

Robert Haas <robertmhaas@gmail.com> writes:
> On Mon, Dec 7, 2009 at 9:48 AM, Bruce Momjian <bruce@momjian.us> wrote:
>> I wonder if we should rephrase this as, "How hard will this feature be
>> to add, and how hard will it be to remove in a few years if we decide we
>> don't want it?"

> Yes, I think that's the right way to think about it.  At a guess, it's
> two man-months of work to get it in,

It's not the "get it in" part that scares me.  The problem I have with
it is that I see it as a huge time sink for future maintenance problems,
most of which will be classifiable as security breaches which increases
the pain of dealing with them immeasurably.

If I had more confidence that the basic design was right or useful
I might not be so worried about the maintenance prospects, but frankly
I have almost no confidence in it.  This comes back to the lack of
involvement of any potential user community.
        regards, tom lane