Re: Heroku early upgrade is raising serious questions

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: damien clochard <damien(at)dalibo(dot)info>
Cc: PostgreSQL Advocacy <pgsql-advocacy(at)postgresql(dot)org>
Subject: Re: Heroku early upgrade is raising serious questions
Date: 2013-04-02 21:52:01
Message-ID: 20130402215201.GA16393@momjian.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-advocacy

On Tue, Apr 2, 2013 at 11:41:46PM +0200, damien clochard wrote:
> What I am discussing is that most people consider that Heroku is a
> "database as a service" company, not a distributor of software. And the
> overall feeling among DBA can be described as :
>
> "Why is Heroku so special ? Why do I have to wait 4 days while they are
> allowed to upgrade before the security breach is fully disclosed ?"
>
> In other words, we are sending a terrible message to our users. I
> understand that this bug cannot be discussed in public but the Heroku
> upgrade is public and therefore the PostgreSQL community needs to come
> up with an explanation to make things clear and avoid misunderstandings
> and frustration.

We realize this issue has become public and the core team is planning to
post an updated set of rules on how major security releases are
distributed, probably on or shortly after the Thursday release. I will
send this email to core so they are aware of it.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ It's impossible for everything to be true. +

In response to

Browse pgsql-advocacy by date

  From Date Subject
Next Message Josh Berkus 2013-04-02 22:40:17 Re: Heroku early upgrade is raising serious questions
Previous Message damien clochard 2013-04-02 21:41:46 Heroku early upgrade is raising serious questions