Re: Heroku early upgrade is raising serious questions

From: Josh Berkus <josh(at)agliodbs(dot)com>
To: pgsql-advocacy(at)postgresql(dot)org
Subject: Re: Heroku early upgrade is raising serious questions
Date: 2013-04-02 22:40:17
Message-ID: 515B5E51.4040601@agliodbs.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-advocacy


> What I know is that Heroku's announcement is raising many questions all
> over the place:
>
> http://techcrunch.com/2013/04/01/heroku-forces-customer-upgrade-to-fix-critical-postgresql-security-hole/
> https://news.ycombinator.com/item?id=5475619

Just to keep this in scope, those are two places, and the first sources
the second, so basically "Hacker News is complaining". I'll also point
out that many of the comments on the HN thread are supportive. Also,
contrast this Slashdot thread:

http://news.slashdot.org/story/13/03/29/1519208/security-fix-leads-to-postgresql-lock-down

... which praises us for taking reasonable security precautions as a
consensus of the comments.

> In other words, we are sending a terrible message to our users. I
> understand that this bug cannot be discussed in public but the Heroku
> upgrade is public and therefore the PostgreSQL community needs to come
> up with an explanation to make things clear and avoid misunderstandings
> and frustration.

I don't think this is as big of an issue as you seem to. I do think we
should have some messaging around this, but I don't agree that it should
happen before Thursday, when we will be doing PR around the security
update anyway.

I'm also happy that we're getting all this press, because it means
people will actually apply the darned updates.

--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com

In response to

Responses

Browse pgsql-advocacy by date

  From Date Subject
Next Message Joshua D. Drake 2013-04-02 22:52:05 Re: Heroku early upgrade is raising serious questions
Previous Message Bruce Momjian 2013-04-02 21:52:01 Re: Heroku early upgrade is raising serious questions