Re: rest of works for security providers in v9.1

(2010/12/13 21:53), Robert Haas wrote:
> 2010/12/12 KaiGai Kohei<kaigai@ak.jp.nec.com>:
>> I'd like to see opinions what facilities should be developed
>> to the current v9.1 development cycle.
>
> It seems to me that the next commit after the label-switcher-function
> patch ought to be a contrib module that implements a basic form of
> SE-Linux driven permissions checking.  I'm pretty unexcited about
> continuing to add additional facilities that could be used by a
> hypothetical module without actually seeing that module, and I think
> that the label-switcher-function patch is the last piece of core
> infrastructure that is a hard requirement rather than "nice to have".
>   I'd rather have a complete feature with limited capabilities than
> half a feature with really awesome capabilities.
>
It is a good news for me also, because I didn't imagine SE-PostgreSQL
module getting upstreamed, even if contrib module.

OK, I'll focus on the works to merge the starter-version of SE-PostgreSQL
as a contrib module in the last commit fest.

Probably, I need to provide its test cases and minimum documentations
in addition to the code itself. Anything else?

> I suspect that getting fine-grained DDL permissions into PostgreSQL
> 9.1 is not going to happen.  There is a significant amount of
> complexity there and we are getting short on time.  It took us three
> CommitFests to work through the plan we discussed at PGCon, and this
> isn't so much simpler that I expect to be able to do it in one.  Of
> course, how you want to spend your time is up to you, but count me as
> a strong vote for postponing this work to 9.2, when there will be
> ample time to give it the care and attention it needs.
>
Yep, the label-switcher-function might be a good delimiter.
I don't find out any disadvantages to postpone getting DDL permissions.
I agree with these enhancements being pushed to v9.2 development.

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>