Joshua Brindle wrote:
> Peter Eisentraut wrote:
>>
>> When it comes to larger features, this development group has a great
>> deal of
>> experience in implementing existing specifications, even relatively
>> terrible
>> ones like SQL or ODBC or Oracle compatibility. But the expected
>> behavior has
>> to be written down somewhere, endorsed by someone with authority. It
>> can't
>> just be someone's idea. Especially for features that are so complex,
>> esoteric, invasive, and critical for security and performance.
>>
>
> Who do you consider has authority? The security community has as many
> opinions as any other. There are papers written on mandatory access
> controls in rdbms's but they are mostly about multi-level security,
> which SELinux has but primarily uses type enforcement. The SELinux
> community are all on board with KaiGai's object model (the object
> classes and permissions and how they are enforced), there has been
> quite a bit of discussion about them over the years. Trusted RUBIX
> integrated SELinux using the object classes that KaiGai made for
> SEPostgres.
Then document those in a reasonably formal sense. I don't think you can
just say that the implementation is the spec. I should have thought that
such a spec would actually appeal to the security community.
>
>> So I think if you want to get anywhere with this, scrap the code, and
>> start
>> writing a specification. One with references. And then let's
>> consider that
>> one.
>>
>
> Harsh.
>
Yeah, it is a bit. But we're being asked to swallow a fairly large lump,
so don't be surprised if we gag a bit.
I haven't followed the entire history of this patch set closely, but we
have over and over again emphasized the importance of getting community
buyin before you start coding a large feature, and this is a *very*
large feature. Reviewing the history briefly, it appears that KaiGai
prepared an initial set of patches before ever approaching the Postgres
community with it about 2 years ago. That is to some extent the source
of the friction, I suspect.
I'm also slightly surprised that some of the government and commercial
players in this space aren't speaking up much. I should have thought
this would generate some interest from players as disparate as RedHat
and the NSA.
cheers
andrew