Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep)

Peter Eisentraut <peter_e@gmx.net> writes:
> Aidan Van Dyk wrote:
>> Actually, I'ld go one stroke farther, and ask:
>> Does it make sense to introduce a bunch of features that are only
>> usable to people *able to write proper SELinux policy sets* (or whatever
>> they are called).

> I consider this a valid concern, but given that some people want MAC and 
> no one has shown a better way to implement MAC than SELinux, you can 
> hardly use that as an objection against this particular patch.

The objection comes down to this: it's an extremely large, invasive,
and probably performance-losing patch, which apparently will be of use
to only a rather small set of people.  It's not unreasonable to discuss
just how large that set might be while we debate whether to accept the
patch.
        regards, tom lane