Quick Links

Re: Heroku early upgrade is raising serious questions

From:	Andres Freund <andres(at)2ndquadrant(dot)com>
To:	Stephen Frost <sfrost(at)snowman(dot)net>
Cc:	"Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Michael Meskes <meskes(at)postgresql(dot)org>, Dave Page <dpage(at)pgadmin(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com>, Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>, damien clochard <damien(at)dalibo(dot)info>, "Jonathan S(dot) Katz" <jonathan(dot)katz(at)excoventures(dot)com>, PostgreSQL Advocacy <pgsql-advocacy(at)postgresql(dot)org>
Subject:	Re: Heroku early upgrade is raising serious questions
Date:	2013-04-09 18:09:15
Message-ID:	20130409180915.GG27905@awork2.anarazel.de
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-advocacy

On 2013-04-09 13:59:29 -0400, Stephen Frost wrote:
> * Andres Freund (andres(at)2ndquadrant(dot)com) wrote:
> > Also, it changes how privileged the people that get access to the
> > vulnerability are. If they are allowed to install at the same time as
> > everyone else its somewhat fair game, otherwise there will be people
> > making a marketing distinction out of their privileged access.
>
> I do not consider this a game where everyone should be treated 'fairly'
> wrt their exposure to attackers. I would be open to including something
> in the policy which discourages members from advertising their
> membership as a marketing distinction, but I'm not convinced that it's
> necessary.

Note that I am not saying that it has to be fair. I haven't yet made up
my mind about it, I am just saying its a fair point to make. And I think
the increased exposure and thus increased likelihood of leakage due to
more widespread usage holds some weight, completely independent of the
argument of fairness.

Greetings,

Andres Freund

--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

In response to

Re: Heroku early upgrade is raising serious questions at 2013-04-09 17:59:29 from Stephen Frost

Responses

Re: Heroku early upgrade is raising serious questions at 2013-04-09 18:17:56 from Stephen Frost

Browse pgsql-advocacy by date

	From	Date	Subject
Next Message	Stephen Frost	2013-04-09 18:13:58	Re: Heroku early upgrade is raising serious questions
Previous Message	Selena Deckelmann	2013-04-09 18:05:20	Re: Heroku early upgrade is raising serious questions