Re: Updates of SE-PostgreSQL 8.4devel patches (r1081)
| От | KaiGai Kohei |
|---|---|
| Тема | Re: Updates of SE-PostgreSQL 8.4devel patches (r1081) |
| Дата | |
| Msg-id | 48ED57D8.9080504@ak.jp.nec.com обсуждение исходный текст |
| Ответ на | Re: Updates of SE-PostgreSQL 8.4devel patches (r1081) (Simon Riggs <simon@2ndQuadrant.com>) |
| Список | pgsql-hackers |
Simon Riggs wrote: > On Mon, 2008-10-06 at 17:25 +0900, KaiGai Kohei wrote: > >> What should I do during the remaining 25 days? > > I haven't been following this much, but I note that there is lots of > confusion over the international standards, guidelines, recommendations, > specifications etc that we should be following. AFAICS the requirements > have not been solidified and so there is little scope for examining the > patch to see if it meets any particular definition of usable. > > It would be very useful to write a long Wiki article explaining what > standards you think the security community want and how those have been > implemented in your patches. And also ones they don't want and why. > Maybe you have all that already, so its just a case of exposing it. I also think what you pointed out is right. We have the following document, but its description is a bit legacy as I noted to Peter in the previous message. http://sepgsql.googlecode.com/files/sepgsql_security_guide.20080214.en.pdf If they think the wiki article is useful, I can put the revised documentation and specification as several wiki pages. I'll do it next to the implementation of row-level permission, because I *have to* submit it due to the deadline. Here is a request. I hope to collaborate with native English users, because it is not my native language. :) Thanks, > If it is clearly written and easily publicly accessible (no patches > etc), then we can easily forward these links to people in the right > communities and they can provide feedback. I will forward to my UK Gov > contacts if you post a link (and to me, cos I'm not reading these > threads). Do it soon, please. > > Once that's done, it can then be used as an info source for interested > people once the patch has been accepted, so it will be valuable over > time. > > There's a clear need for Postgres in government and hi-security > businesses, so we need to get this right. But there's not much point > doing 65% or 135% of what's needed. > > Your efforts and attention are appreciated by all. -- OSS Platform Development Division, NEC KaiGai Kohei <kaigai@ak.jp.nec.com>
В списке pgsql-hackers по дате отправления: