Re: Adding support for SE-Linux security

From: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, jd(at)commandprompt(dot)com, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-08 01:27:09
Message-ID: 4B1DAB6D.5010600@ak.jp.nec.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Bruce Momjian wrote:
> Tom Lane wrote:
>> Bruce Momjian <bruce(at)momjian(dot)us> writes:
>>> Robert Haas wrote:
>>>> Yes, I think that's the right way to think about it. At a guess, it's
>>>> two man-months of work to get it in, and ripping it out is likely
>>>> technically fairly simple but will probably be politically impossible.
>>> I figure if there is sufficient usage, we will not need to remove it,
>>> and if there isn't, we will have no objections to removing it.
>> That leaves a wide gray area where there are a few people using it but
>> not really enough to justify the support effort. Even if there are
>> demonstrably no users (which can never be demonstrated in practice),
>> politically it's very hard to rip out a "major feature" --- it makes the
>> project look bad. So I think the above is Pollyanna-ish nonsense.
>
> I don't even know what "Pollyanna-ish nonsense" means, and it would be
> better if you used less flowery/inflamitory prose.

Apart from standpoint of the discussion, idiomatic phrases are not
oftern friendly for non-native English speakers.

>> Once we ship a release with SEPostgres in it, we're committed.
>
> The MS Windows port took 1-2 years to solidify and during the
> solidification period we accepted problems and didn't treat it as a
> major platform. I think if SE-Linux support is added, there would be a
> similar period where the features is not treated as major while we work
> out any problems. We might even label it that way.

It also seems to me an realistic attitude.
The first guy needs courage independently from the class of features.
Thus, anybody attend to see case examples in conferences. I don't think
here is no fundamental differences.

> Labeling SE-Postgres as such might minimize the political problems of
> removing it in the future, if that becomes necessary.

For us, the name is not an important issue.
And, I believe our continued contributions in the future shall make it
unnecessary to remove it later.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Simon Riggs 2009-12-08 01:28:33 Re: WAL format
Previous Message Tom Lane 2009-12-08 01:20:45 Re: Exclusion Constraint vs. Constraint Exclusion