Peter Eisentraut wrote:
On Monday 20 July 2009 21:05:38 Joshua Brindle wrote:
How many people are you looking for? Is there a number or are you waiting
for a good feeling?
In my mind, the number of interested people is relatively uninteresting, as
long as it is greater than, say, three.
What is lacking here is a written specification.
When it comes to larger features, this development group has a great deal of
experience in implementing existing specifications, even relatively terrible
ones like SQL or ODBC or Oracle compatibility. But the expected behavior has
to be written down somewhere, endorsed by someone with authority. It can't
just be someone's idea. Especially for features that are so complex,
esoteric, invasive, and critical for security and performance.
So I think if you want to get anywhere with this, scrap the code, and start
writing a specification. One with references. And then let's consider that
one.
At least, what is important is that SE-PgSQL performs with its security model
correctly, not how it is implemented. In fast, I have modified its
implementation
and separated some of non-primary features several times.
As I said before, its implementation is flexible as far as it can implement
SELinux's security model correctly.
If PostgreSQL community requires its design specifications from the viewpoints
of developers, I don't have any reason not to provide it.
One question is what items should be described in the specifications?
I already provide a reference including a list of object classes and
permissions.
http://wiki.postgresql.org/wiki/SEPostgreSQL_References
I guess you would like to see when/where/how SE-PgSQL checks what permissions,
what criteria to make its decision should be used, and so on.
--
KaiGai Kohei <kai...@kaigai.gr.jp>
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
