On Tue, Jan 27, 2009 at 2:18 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > > This seems to me to be exactly parallel to deciding that SELinux should > control only table/column permissions within SQL; an approach that would > be enormously less controversial, less expensive, and more reliable than > what SEPostgres tries to do. >
seems that the controversial part of sepgsql is row level permissions, can we try to commit (obviously with good revision and test) the table/column privileges part of that patch? that is still a step on the direction of full centralized security management on the system... let the row level privileges part for 8.5, that way the patch will be smaller now and then... remember, postponed is not rejected is just a way to give more time to think (WITH patch comes from the prior release cycle and was committed in this release), not to think about one scenario but about all possible scenarios in a more wide audience -- Atentamente, Jaime Casanova Soporte y capacitación de PostgreSQL AsesorÃa y desarrollo de sistemas Guayaquil - Ecuador Cel. +59387171157 -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
