Re: Heroku early upgrade is raising serious questions

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Dimitri Fontaine <dimitri(at)2ndQuadrant(dot)fr>
Cc: Jean-Paul Argudo <jean-paul(at)postgres(dot)fr>, Stephen Frost <sfrost(at)snowman(dot)net>, Greg Sabino Mullane <greg(at)turnstep(dot)com>, pgsql-advocacy(at)postgresql(dot)org
Subject: Re: Heroku early upgrade is raising serious questions
Date: 2013-04-16 00:38:54
Message-ID: 20130416003854.GB4602@momjian.us
Lists: pgsql-advocacy

On Mon, Apr 15, 2013 at 10:23:09AM +0200, Dimitri Fontaine wrote:
> Jean-Paul Argudo <jean-paul(at)postgres(dot)fr> writes:
> > The fundamental question then, is how organizations qualify to become
> > "trusted organizations" ?
>
> From my understanding of the current situation, it's quite easy and
> clear, arrange to be a subscriber on pgsql-packagers.

People will not be happy if we add people to packagers and someone leaks
information to hackers before the official release.

> Maybe what we need to do is document that to get early access to
> security updates you need to be registered as a packager, and that we
> only accept trusted persons in there.
>
> Then any packager is trusted to release the upgrade either in the open
> following the public rules, or otherwise as he sees fit with *explicit
> approval* from core.
>
> The procedure certainly would need to be specific that should you fail
> to follow those 2 easy to document cases, you can get removed from the
> packagers list.

Again, the damage is done if someone leaks information, and being
removed from packagers doesn't fix the security problem for everyone
else. We just can't have an iterative process here where we guess who is
trustworthy and vulnerable, and then remove people when we are wrong.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ It's impossible for everything to be true. +
