Re: Adding support for SE-Linux security

Tom Lane wrote:
> Josh Berkus <josh@agliodbs.com> writes:
>> When GIS was introduced to this list ten years ago it was criticized as
>> a marginal feature and huge and intrusive.  But today it's probably 40%
>> of our user base, and growing far more rapidly than anything else with
>> Postgres.  Maybe SE will be more like Rules than like GIS in the long
>> run, but there's no way for us to know that today.
> 
> What we do know is that GIS could be, and was, successfully developed
> outside core Postgres.  It didn't need to suck away a major portion of
> the effort of the core developers.  So it's not a very good analogy.
> 
> In the end this is a debate about what the community should do with its
> finite development resources.  Maybe, if we build this thing, they will
> come and we'll get so much additional contribution that it'll be a win
> all around.  But somehow, alleged users who won't even decloak enough
> to tell us they want it don't seem like likely candidates for becoming
> major contributors.
> 
> In words of one syllable: I do not care at all whether the NSA would use
> Postgres, if they're not willing to come and help us build it.  If we
> tried to build it without their input, we'd probably not produce what
> they want anyway.

I don't know any reputations of NSA in US, except for Hollywood often
makes them baddie in movies.

However, it is the fact SELinux is already an open source software
supported by people and corporations in multiple nations including
former communist nations, not only USA and its allied nations.

Needless to say, NEC is also a supporter to develop and maintain
SE-PgSQL feature. We believe it is a necessity feature to construct
secure platform for SaaS/Cloud computing, so my corporation has funded
to develop SE-PgSQL for more than two years.

As I noted before, if you worried about I escape anyware, it is quite
incorrect. Now I've been working to develop and integrate SE-PgSQL in
full-time.

We can also say SELinux community provides a development resource to
other OSS communities. For example, the recent version of Xorg has
SELinux support in userspace, such as SE-PgSQL, by the developer who
originally worked in SELinux community. SE-PgSQL is a similar case.
Anyway, I don't think we should build barrier between communities.

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>