Re: Adding support for SE-Linux security

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd(at)commandprompt(dot)com, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-07 18:33:02
Message-ID: 200912071833.nB7IX2r06307@momjian.us
Lists: pgsql-hackers

Tom Lane wrote:
> Bruce Momjian <bruce(at)momjian(dot)us> writes:
> > Robert Haas wrote:
> >> Yes, I think that's the right way to think about it. At a guess, it's
> >> two man-months of work to get it in, and ripping it out is likely
> >> technically fairly simple but will probably be politically impossible.
>
> > I figure if there is sufficient usage, we will not need to remove it,
> > and if there isn't, we will have no objections to removing it.
>
> That leaves a wide gray area where there are a few people using it but
> not really enough to justify the support effort. Even if there are
> demonstrably no users (which can never be demonstrated in practice),
> politically it's very hard to rip out a "major feature" --- it makes the
> project look bad. So I think the above is Pollyanna-ish nonsense.

I don't even know what "Pollyanna-ish nonsense" means, and it would be
better if you used less flowery/inflammatory prose.

> Once we ship a release with SEPostgres in it, we're committed.

The MS Windows port took 1-2 years to solidify and during the
solidification period we accepted problems and didn't treat it as a
major platform. I think if SE-Linux support is added, there would be a
similar period where the feature is not treated as major while we work
out any problems. We might even label it that way.

Labeling SE-Postgres as such might minimize the political problems of
removing it in the future, if that becomes necessary.

I know there have been complaints about the lack of SE-PostgreSQL
developers, but given the number of developers we had for the Win32 port
vs. the installed base, I think having one dedicated SE-PostgreSQL
developer is much more percentage-wise than we had for MS Windows.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +
