On Mon, 2009-03-09 at 20:55 -0400, Tom Lane wrote: > "Joshua D. Drake" <j...@commandprompt.com> writes: > > I know we are a little uncomfortable here but KaiGai-San (forgive me if > > I type that wrong) has proven to be a contributor in his own right,
> > Perhaps it would help you calibrate the problem if I stated that > I wouldn't trust a patch for this purpose written by myself, let > alone somebody who hasn't been hacking the backend for ten years. > (Where "this purpose" means the type of control KaiGai-san seems > to hope to enforce, as opposed to just plugging some additional > constraints into the existing ACL-check routines.) I think you misunderstand me. I have watched this thread very closely because it has specific strategic interest. For the record: * This patch does scare me * With great risk comes great reward So my question is, if the default is that sepostgres is disabled and can only be enabled via a compile time option, are your concerns just as weighty? What about marking the feature "experimental". ./configure --help --enable-se Enables SE version of PostgreSQL for linux platforms (experimental) Yes it would be a break from what we do but it wouldn't hurt us to be just a "little" bit less stodgy as long as it is done in a responsible manner. Sincerely, Joshua D. Drake > > regards, tom lane > -- PostgreSQL - XMPP: jdr...@jabber.postgresql.org Consulting, Development, Support, Training 503-667-4564 - http://www.commandprompt.com/ The PostgreSQL Company, serving since 1997 -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
