Re: rest of works for security providers in v9.1

From: KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, PgSQL-Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: rest of works for security providers in v9.1
Date: 2010-12-13 13:32:54
Message-ID: 4D062086.5010804@kaigai.gr.jp
Lists: pgsql-hackers

(2010/12/13 21:53), Robert Haas wrote:
> 2010/12/12 KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>:
>> I'd like to see opinions on what facilities should be developed
>> in the current v9.1 development cycle.
>
> It seems to me that the next commit after the label-switcher-function
> patch ought to be a contrib module that implements a basic form of
> SE-Linux driven permissions checking. I'm pretty unexcited about
> continuing to add additional facilities that could be used by a
> hypothetical module without actually seeing that module, and I think
> that the label-switcher-function patch is the last piece of core
> infrastructure that is a hard requirement rather than "nice to have".
> I'd rather have a complete feature with limited capabilities than
> half a feature with really awesome capabilities.
>
It is good news for me also, because I didn't imagine the SE-PostgreSQL
module getting upstreamed, even as a contrib module.

OK, I'll focus on the work to merge the starter version of SE-PostgreSQL
as a contrib module in the last commit fest.

Probably, I need to provide its test cases and minimal documentation
in addition to the code itself. Anything else?

> I suspect that getting fine-grained DDL permissions into PostgreSQL
> 9.1 is not going to happen. There is a significant amount of
> complexity there and we are getting short on time. It took us three
> CommitFests to work through the plan we discussed at PGCon, and this
> isn't so much simpler that I expect to be able to do it in one. Of
> course, how you want to spend your time is up to you, but count me as
> a strong vote for postponing this work to 9.2, when there will be
> ample time to give it the care and attention it needs.
>
Yep, the label-switcher-function might be a good delimiter.
I don't find any disadvantages in postponing the DDL permissions.
I agree with these enhancements being pushed to v9.2 development.

Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
