Robert Haas wrote:
Agreed. ?SE-Linux support might expand our user base and give us
additional credibility, or it might be a feature that few people use ---
and I don't think anyone knows the outcome.
I wonder if we should rephrase this as, How hard will this feature be
to add, and how
Martijn van Oosterhout escribió:
On Mon, Dec 07, 2009 at 01:09:59PM -0300, Alvaro Herrera wrote:
This is how the code was developed initially -- the patch was called
PGACE and SELinux was but the first implementation on top of it.
I find it astonishing that after SE-PgSQL was implemented
Bruce Momjian br...@momjian.us writes:
Robert Haas wrote:
Yes, I think that's the right way to think about it. At a guess, it's
two man-months of work to get it in, and ripping it out is likely
technically fairly simple but will probably be politically impossible.
I figure if there is
Tom Lane wrote:
Bruce Momjian br...@momjian.us writes:
Robert Haas wrote:
Yes, I think that's the right way to think about it. At a guess, it's
two man-months of work to get it in, and ripping it out is likely
technically fairly simple but will probably be politically impossible.
I
On Mon, Dec 7, 2009 at 1:00 PM, Bruce Momjian br...@momjian.us wrote:
As Alvaro mentioned, the original patch used ACE but it added too much
code so the community requested its removal from the patch. It could be
re-added if we have a need.
Well, there's no point in putting that framework
Tom Lane wrote:
Robert Haas robertmh...@gmail.com writes:
On Mon, Dec 7, 2009 at 9:48 AM, Bruce Momjian br...@momjian.us wrote:
I wonder if we should rephrase this as, How hard will this feature be
to add, and how hard will it be to remove in a few years if we decide we
don't want it?
Yes,
Bruce Momjian wrote:
Tom Lane wrote:
Bruce Momjian br...@momjian.us writes:
Robert Haas wrote:
Yes, I think that's the right way to think about it. At a guess, it's
two man-months of work to get it in, and ripping it out is likely
technically fairly simple but will probably be politically
Robert Haas wrote:
On Mon, Dec 7, 2009 at 1:00 PM, Bruce Momjian br...@momjian.us wrote:
As Alvaro mentioned, the original patch used ACE but it added too much
code so the community requested its removal from the patch. It could be
re-added if we have a need.
Well, there's no point in
I could not find the message from David P. Quigley in the list,
although pgsql-hackers@postgresql.org was Cc:'ed.
(something troubled?)
So, I'll send it again for your information.
Original Message
Subject: Re: [HACKERS] Adding support for SE-Linux security
Date: Mon, 07 Dec
KaiGai Kohei escribió:
I could not find the message from David P. Quigley in the list,
although pgsql-hackers@postgresql.org was Cc:'ed.
(something troubled?)
Weird. It didn't even made it to the moderator queue for some reason.
Perhaps the system dropped it as spam.
So, I'll send it again
David P. Quigley wrote:
Not to start a flame war here about access control models but you gave 3
different examples one of which I don't think has any means to do
anything productive here.
You won't be starting a flame war for the same reason some of the
community members are so concerned about
On Sat, Dec 5, 2009 at 8:18 AM, Bruce Momjian br...@momjian.us wrote:
Robert Haas wrote:
I offered to review it. ?I was going to mostly review the parts that
impacted our existing code, and I wasn't going to be able to do a
thorough job of the SE-Linux-specific files.
Review it and commit
On Sat, Dec 5, 2009 at 12:14 AM, Bruce Momjian br...@momjian.us wrote:
Robert Haas wrote:
Actually, we tried that already, in a previous iteration of this
discussion. Someone actually materialized and commented on a few
things. The problem, as I remember it, was that they didn't know much
Robert Haas wrote:
I offered to review it. ?I was going to mostly review the parts that
impacted our existing code, and I wasn't going to be able to do a
thorough job of the SE-Linux-specific files.
Review it and commit it, after making whatever modifications are
necessary? Or review it
Robert Haas wrote:
On Thu, Dec 3, 2009 at 5:23 PM, Josh Berkus j...@agliodbs.com wrote:
Kaigai, you've said that you could get SELinux folks involved in the
patch review. I think it's past time that they were; please solicit them.
Actually, we tried that already, in a previous iteration of
On Thu, Dec 3, 2009 at 5:23 PM, Josh Berkus j...@agliodbs.com wrote:
In words of one syllable: I do not care at all whether the NSA would use
Postgres, if they're not willing to come and help us build it.
There's several 2-syllable words there. ;-)
If we
tried to build it without their
Robert Haas wrote:
Actually, we tried that already, in a previous iteration of this
discussion. Someone actually materialized and commented on a few
things. The problem, as I remember it, was that they didn't know much
about PostgreSQL, so we didn't get very far with it. Unfortunately, I
Andrew Dunstan wrote:
I think you have been remarkably good about our caution in accepting
this. You certainly have my admiration for your patience.
Agreed.
What would probably help us a lot would be to know some names of large
users who want and will support this. NEC's name is a good
In words of one syllable: I do not care at all whether the NSA would use
Postgres, if they're not willing to come and help us build it.
There's several 2-syllable words there. ;-)
If we
tried to build it without their input, we'd probably not produce what
they want anyway.
Yeah, the
Bruce,
If we decide not to support SE-Linux, it is unlikely we will be adding
support for any other external security systems because SE-Linux has the
widest adoption.
I think the big question is whether we are ready to extend Postgres to
support additional security infrastructures.
Josh Berkus j...@agliodbs.com writes:
When GIS was introduced to this list ten years ago it was criticized as
a marginal feature and huge and intrusive. But today it's probably 40%
of our user base, and growing far more rapidly than anything else with
Postgres. Maybe SE will be more like
Josh Berkus wrote:
Bruce,
If we decide not to support SE-Linux, it is unlikely we will be adding
support for any other external security systems because SE-Linux has the
widest adoption.
I think the big question is whether we are ready to extend Postgres to
support additional security
Tom Lane wrote:
Josh Berkus j...@agliodbs.com writes:
When GIS was introduced to this list ten years ago it was criticized as
a marginal feature and huge and intrusive. But today it's probably 40%
of our user base, and growing far more rapidly than anything else with
Postgres. Maybe SE will
KaiGai Kohei wrote:.
Needless to say, NEC is also a supporter to develop and maintain
SE-PgSQL feature. We believe it is a necessity feature to construct
secure platform for SaaS/Cloud computing, so my corporation has funded
to develop SE-PgSQL for more than two years.
As I noted before,
KaiGai Kohei wrote:
Needless to say, NEC is also a supporter to develop and maintain
SE-PgSQL feature. We believe it is a necessity feature to construct
secure platform for SaaS/Cloud computing, so my corporation has funded
to develop SE-PgSQL for more than two years.
Rather than needless to
Ron Mayer wrote:
KaiGai Kohei wrote:
Needless to say, NEC is also a supporter to develop and maintain
SE-PgSQL feature. We believe it is a necessity feature to construct
secure platform for SaaS/Cloud computing, so my corporation has funded
to develop SE-PgSQL for more than two years.
101 - 126 of 126 matches
Mail list logo