On 7 September 2011 14:34, Kohei KaiGai <kai...@kaigai.gr.jp> wrote: > 2011/9/7 Thom Brown <t...@linux.com>: > > On 24 August 2011 13:38, Kohei Kaigai <kohei.kai...@emea.nec.com> wrote: > >> > >> The (2) is new stuff from the revision in commit-fest 1st. It enables to > >> supply "NOLEAKY" option on CREATE FUNCTION statement, then the function > is > >> allowed to distribute across security barrier. Only superuser can set > this > >> option. > > > > "NOLEAKY" doesn't really sound appropriate as it sounds like pidgin > English. > > Also, it could be read as "Don't allow leaks in this function". Could > we > > instead use something like TRUSTED or something akin to it being allowed > to > > do more than safer functions? It then describes its level of behaviour > > rather than what it promises not to do. > > > Thanks for your comment. I'm not a native English specker, so it is > helpful. > > "TRUSTED" sounds meaningful for me, however, it is confusable with a > concept > of "trusted procedure" in label-based MAC. It is not only SELinux, > Oracle's label > based security also uses this term to mean a procedure that switches user's > credential during its execution. > > http://download.oracle.com/docs/cd/B28359_01/network.111/b28529/storproc.htm > > So, how about "CREDIBLE", instead of "TRUSTED"? >
I can't say I'm keen on that alternative, but I'm probably not the one to participate in bike-shedding here, so I'll leave comment to you hackers. :) -- Thom Brown Twitter: @darkixion IRC (freenode): dark_ixion Registered Linux user: #516935 EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company