Joshua Brindle wrote:
Peter Eisentraut wrote:
When it comes to larger features, this development group has a great deal of
experience in implementing existing specifications, even relatively terrible
ones like SQL or ODBC or Oracle compatibility. But the expected behavior has
to be written down somewhere, endorsed by someone with authority. It can't
just be someone's idea. Especially for features that are so complex,
esoteric, invasive, and critical for security and performance.
Who do you consider has authority? The security community has as many
opinions as any other. There are papers written on mandatory access
controls in RDBMSs but they are mostly about multi-level security,
which SELinux has but primarily uses type enforcement. The SELinux
community are all on board with KaiGai's object model (the object
classes and permissions and how they are enforced); there has been
quite a bit of discussion about them over the years. Trusted RUBIX
integrated SELinux using the object classes that KaiGai made for
SEPostgres.
Then document those in a reasonably formal sense. I don't think you can
just say that the implementation is the spec. I should have thought that
such a spec would actually appeal to the security community.
So I think if you want to get anywhere with this, scrap the code, and start
writing a specification. One with references. And then let's consider that
one.
Harsh.
Yeah, it is a bit. But we're being asked to swallow a fairly large lump,
so don't be surprised if we gag a bit.
I haven't followed the entire history of this patch set closely, but we
have over and over again emphasized the importance of getting community
buy-in before you start coding a large feature, and this is a *very*
large feature. Reviewing the history briefly, it appears that KaiGai
prepared an initial set of patches before ever approaching the Postgres
community with it about 2 years ago. That is to some extent the source
of the friction, I suspect.
I'm also slightly surprised that some of the government and commercial
players in this space aren't speaking up much. I should have thought
this would generate some interest from players as disparate as RedHat
and the NSA.
cheers
andrew