Re: Heroku early upgrade is raising serious questions

From: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
To: Josh Berkus <josh(at)agliodbs(dot)com>
Cc: damien clochard <damien(at)dalibo(dot)info>, "Jonathan S(dot) Katz" <jonathan(dot)katz(at)excoventures(dot)com>, PostgreSQL Advocacy <pgsql-advocacy(at)postgresql(dot)org>
Subject: Re: Heroku early upgrade is raising serious questions
Date: 2013-04-08 23:32:06
Message-ID: 51635376.9070108@commandprompt.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-advocacy


On 04/08/2013 04:12 PM, Josh Berkus wrote:
>
> Damien,
>
>> The Heroku announcement caused many confusions. The worst confusion is
>> that it sounds like Heroku gets a special treament and is allowed to
>> upgrade 3 days before full disclosure, while the rest of us have to wait
>> the official release date.
>
> So Heroku had permission from the core team to start their update early,
> partly because of required deployment times, and partly because they
> could supply testing and feedback on the patch, as they have with other
> patches they've backported from future versions of PostgreSQL. We were
> also conscious of the fact that, as far as we knew, Heroku represented
> the single largest organizational vulnerability to this particular
> issue, and that due to their "port-only access" the possibility of
> accidental disclosure was minimal.
>
> We didn't anticipate that the early notification we did combined with
> the Heroku outage notification would make it obvious that an early
> deployment was happening. We don't generally do early warnings, and
> this whole "cloud" thing is still new to us organizationally. ALso, we
> went from discovery to release in 3 weeks, so there wasn't a lot of
> discussion time around policy and procedure.
>
> Clearly we can't do it that way again.
>
> -core is currently hashing out thoughts on what might be a reasonable
> early notification process for high-risk users, and if it's feasible for
> us to have one. As well as other aspects of our security release procedure.
>

I think that one thing that is very important to remember here, is -core
doesn't make decisions lightly. I understand that some may have felt
that communication wasn't perfect (it wasn't) but I know several members
of core and they all take the position IMHO too seriously. So let's
relax, realize there is improvement to be made (which they and we do)
and just work the problem.

The rest is just noise.

Sincerely,

JD

--
Command Prompt, Inc. - http://www.commandprompt.com/
PostgreSQL Support, Training, Professional Services and Development
High Availability, Oracle Conversion, Postgres-XC
@cmdpromptinc - 509-416-6579

In response to

Responses

Browse pgsql-advocacy by date

  From Date Subject
Next Message Bruce Momjian 2013-04-08 23:32:21 Re: Heroku early upgrade is raising serious questions
Previous Message Josh Berkus 2013-04-08 23:12:20 Re: Heroku early upgrade is raising serious questions