Re: [PATCH] SE-PgSQL/tiny rev.2193
| От | Andrew Dunstan |
|---|---|
| Тема | Re: [PATCH] SE-PgSQL/tiny rev.2193 |
| Дата | |
| Msg-id | 4A64CF4D.30601@dunslane.net обсуждение исходный текст |
| Ответ на | Re: [PATCH] SE-PgSQL/tiny rev.2193 (Joshua Brindle <method@manicmethod.com>) |
| Список | pgsql-hackers |
Joshua Brindle wrote: > Peter Eisentraut wrote: >> >> When it comes to larger features, this development group has a great >> deal of >> experience in implementing existing specifications, even relatively >> terrible >> ones like SQL or ODBC or Oracle compatibility. But the expected >> behavior has >> to be written down somewhere, endorsed by someone with authority. It >> can't >> just be someone's idea. Especially for features that are so complex, >> esoteric, invasive, and critical for security and performance. >> > > Who do you consider has authority? The security community has as many > opinions as any other. There are papers written on mandatory access > controls in rdbms's but they are mostly about multi-level security, > which SELinux has but primarily uses type enforcement. The SELinux > community are all on board with KaiGai's object model (the object > classes and permissions and how they are enforced), there has been > quite a bit of discussion about them over the years. Trusted RUBIX > integrated SELinux using the object classes that KaiGai made for > SEPostgres. Then document those in a reasonably formal sense. I don't think you can just say that the implementation is the spec. I should have thought that such a spec would actually appeal to the security community. > >> So I think if you want to get anywhere with this, scrap the code, and >> start >> writing a specification. One with references. And then let's >> consider that >> one. >> > > Harsh. > Yeah, it is a bit. But we're being asked to swallow a fairly large lump, so don't be surprised if we gag a bit. I haven't followed the entire history of this patch set closely, but we have over and over again emphasized the importance of getting community buyin before you start coding a large feature, and this is a *very* large feature. Reviewing the history briefly, it appears that KaiGai prepared an initial set of patches before ever approaching the Postgres community with it about 2 years ago. That is to some extent the source of the friction, I suspect. I'm also slightly surprised that some of the government and commercial players in this space aren't speaking up much. I should have thought this would generate some interest from players as disparate as RedHat and the NSA. cheers andrew
В списке pgsql-hackers по дате отправления: