Martijn van Oosterhout wrote:
> On Mon, Dec 07, 2009 at 01:09:59PM -0300, Alvaro Herrera wrote:
> > This is how the code was developed initially -- the patch was called
> > PGACE and SELinux was but the first implementation on top of it.
>
> I find it astonishing that after SE-PgSQL was implem
Robert Haas wrote:
> > Agreed. SE-Linux support might expand our user base and give us
> > additional credibility, or it might be a feature that few people use ---
> > and I don't think anyone knows the outcome.
> >
> > I wonder if we should rephrase this as, "How hard will this feature be
> > to
Chris Browne writes:
> I feel about the same way about this as I did about the adding of
> "native Windows" support; I'm a bit concerned that this could be a
> destabilizing influence. I was wrong back then; the Windows support
> hasn't had the ill effects I was concerned it might have.
That's a
t...@sss.pgh.pa.us (Tom Lane) writes:
> Robert Haas writes:
>> On Mon, Dec 7, 2009 at 9:48 AM, Bruce Momjian wrote:
>>> I wonder if we should rephrase this as, "How hard will this feature be
>>> to add, and how hard will it be to remove in a few years if we decide we
>>> don't want it?"
>
>> Yes,
Martijn van Oosterhout writes:
> I find it astonishing that after SE-PgSQL was implemented on top of a
> pluggable system (PGACE) and this system was removed at request of the
> "community" [1] that at this late phase people are suggesting it needs
> to be added back again. Haven't the goalposts be
On Mon, Dec 07, 2009 at 01:09:59PM -0300, Alvaro Herrera wrote:
> > Given the extreme patience and diligence exhibited by KaiGai, I
> > hesitate to say this, but it seems to me that this would be
> > critically important for the long term success of this feature. I
> > have no idea how much work i
Kevin Grittner wrote:
> > I'd like to see us be able to support it. One of the things that
> > I think would be worth looking into is whether there is a way to
> > make this pluggable, so that selinux and apparmor and trusted
> > solaris and so on could make use of the same framework
>
> Giv
Robert Haas writes:
> On Mon, Dec 7, 2009 at 9:48 AM, Bruce Momjian wrote:
>> I wonder if we should rephrase this as, "How hard will this feature be
>> to add, and how hard will it be to remove in a few years if we decide we
>> don't want it?"
> Yes, I think that's the right way to think about i
Robert Haas wrote:
> Bruce Momjian wrote:
>> Personally, I think AppArmor is a saner security system:
>>
>> http://www.novell.com/linux/security/apparmor/selinux_comparison.html
> Agreed.
> I'd like to see us be able to support it. One of the things that
> I think would be worth looking i
On Mon, Dec 7, 2009 at 9:48 AM, Bruce Momjian wrote:
> Robert Haas wrote:
>> > This is no harder than many of the other seemingly crazy things I have
>> > done, e.g. Win32 port, client library threading. If this is a feature
>> > we should have, I will get it done or get others to help me complet
Robert Haas wrote:
> > This is no harder than many of the other seemingly crazy things I have
> > done, e.g. Win32 port, client library threading. If this is a feature
> > we should have, I will get it done or get others to help me complete the
> > task.
>
> Well, I have always thought that it wo
On Sat, Dec 5, 2009 at 8:18 AM, Bruce Momjian wrote:
> Robert Haas wrote:
>> > I offered to review it. I was going to mostly review the parts that
>> > impacted our existing code, and I wasn't going to be able to do a
>> > thorough job of the SE-Linux-specific files.
>>
>> Review it and commit it
Robert Haas wrote:
> On Thu, Dec 3, 2009 at 5:23 PM, Josh Berkus wrote:
>> Kaigai, you've said that you could get SELinux folks involved in the
>> patch review. I think it's past time that they were; please solicit them.
>
> Actually, we tried that already, in a previous iteration of this
> disc
Robert Haas wrote:
> > I offered to review it. I was going to mostly review the parts that
> > impacted our existing code, and I wasn't going to be able to do a
> > thorough job of the SE-Linux-specific files.
>
> Review it and commit it, after making whatever modifications are
> necessary? Or r
On Sat, Dec 5, 2009 at 12:14 AM, Bruce Momjian wrote:
> Robert Haas wrote:
>> Actually, we tried that already, in a previous iteration of this
>> discussion. Someone actually materialized and commented on a few
>> things. The problem, as I remember it, was that they didn't know much
>> about Pos
Robert Haas wrote:
> Actually, we tried that already, in a previous iteration of this
> discussion. Someone actually materialized and commented on a few
> things. The problem, as I remember it, was that they didn't know much
> about PostgreSQL, so we didn't get very far with it. Unfortunately, I
On Thu, Dec 3, 2009 at 5:23 PM, Josh Berkus wrote:
>
>> In words of one syllable: I do not care at all whether the NSA would use
>> Postgres, if they're not willing to come and help us build it.
>
> There's several 2-syllable words there. ;-)
>
> If we
>> tried to build it without their input, w
> In words of one syllable: I do not care at all whether the NSA would use
> Postgres, if they're not willing to come and help us build it.
There's several 2-syllable words there. ;-)
If we
> tried to build it without their input, we'd probably not produce what
> they want anyway.
Yeah, the
Andrew Dunstan wrote:
> I think you have been remarkably good about our caution in accepting
> this. You certainly have my admiration for your patience.
Agreed.
> What would probably help us a lot would be to know some names of large
> users who want and will support this. NEC's name is a good st
Ron Mayer wrote:
> KaiGai Kohei wrote:
>> Needless to say, NEC is also a supporter to develop and maintain
>> SE-PgSQL feature. We believe it is a necessity feature to construct
>> secure platform for SaaS/Cloud computing, so my corporation has funded
>> to develop SE-PgSQL for more than two years.
KaiGai Kohei wrote:
> Needless to say, NEC is also a supporter to develop and maintain
> SE-PgSQL feature. We believe it is a necessity feature to construct
> secure platform for SaaS/Cloud computing, so my corporation has funded
> to develop SE-PgSQL for more than two years.
Rather than "needless
KaiGai Kohei wrote:
> Needless to say, NEC is also a supporter to develop and maintain
> SE-PgSQL feature. We believe it is a necessity feature to construct
> secure platform for SaaS/Cloud computing, so my corporation has funded
> to develop SE-PgSQL for more than two years.
>
> As I noted befo
Tom Lane wrote:
> Josh Berkus writes:
>> When GIS was introduced to this list ten years ago it was criticized as
>> a marginal feature and huge and intrusive. But today it's probably 40%
>> of our user base, and growing far more rapidly than anything else with
>> Postgres. Maybe SE will be more
Josh Berkus wrote:
> Bruce,
>
>> If we decide not to support SE-Linux, it is unlikely we will be adding
>> support for any other external security systems because SE-Linux has the
>> widest adoption.
>>
>> I think the big question is whether we are ready to extend Postgres to
>> support additional
Josh Berkus writes:
> When GIS was introduced to this list ten years ago it was criticized as
> a marginal feature and huge and intrusive. But today it's probably 40%
> of our user base, and growing far more rapidly than anything else with
> Postgres. Maybe SE will be more like Rules than like G
Bruce,
> If we decide not to support SE-Linux, it is unlikely we will be adding
> support for any other external security systems because SE-Linux has the
> widest adoption.
>
> I think the big question is whether we are ready to extend Postgres to
> support additional security infrastructures.