Robert Haas <robertmh...@gmail.com> writes: > On Thu, Dec 10, 2009 at 5:08 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: >> My guess is that a credible SEPostgres offering will require a long-term >> amount of work at least equal to, and very possibly a good deal more >> than, what it took to make a native Windows port.
> The SEPostgres community is surely a lot smaller than the Windows > community, but I'm not sure whether the effort estimate is accurate or > not. If "credible" includes "row-level security", then I think I > might agree, but right now we're just trying to get off the ground. It's been perfectly clear since day one, and was reiterated as recently as today http://archives.postgresql.org/message-id/4b21757e.7090...@2ndquadrant.com that what the security community wants is row-level security. The proposals to make SEPostgres drive regular SQL permissions never came out of anyone from that side, they were proposed by PG people looking for a manageable first step. Whatever you might believe about the potential market for SEPostgres, you should divide by about a hundred as long as it's only an alternate interface to SQL permissions. See particularly here: http://wiki.postgresql.org/wiki/SEPostgreSQL_Review_at_the_BWPUG#Revisiting_row-level_security "Without it, it's questionable whether committing the existing stripped-down patch really accomplishes anything" --- how much clearer can they be? If you're not prepared to assume that we're going to do row level security, it's not apparent why we should be embarking on this course at all. And if you do assume that, I strongly believe that my effort estimate above is on the optimistic side. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
