Re: Heroku early upgrade is raising serious questions

On 04/09/2013 09:29 AM, Stephen Frost wrote:
> * Joshua D. Drake (jd(at)commandprompt(dot)com) wrote:
>> On 04/09/2013 09:01 AM, Michael Meskes wrote:
>>>> Well no because traditional packagers all release at the same time
>>>> so that there is no disparity between when Ubuntu gets the fix and
>>>> Solaris gets the fix.
>>>
>>> So what do I misunderstand? As far as I read it, Damien said all should get the
>>> fix at the same time, right? Which is what you say and also what Dave said,
>>> isn't it? I think the question we're dancing around here is, should anyone be
>>> allowed to deploy before the embargo is over? I don't mind DBaaS providers
>>> getting the fix early, but I mind seeing it deployed early.
>>
>> Maybe I wasn't clear, sorry. No. I do not believe that ANY entity
>> should be able to deploy before the embargo is over.
>
> Then perhaps I'm missing something, but what's the point in getting the
> update if you can't actually apply it until everyone (including the bad
> guys) know about it? Particularly when applying it is going to take a
> whole lot more time than it takes for the bad guys to probe your systems
> and figure out which aren't patched yet...

I don't know that there is a all-in-one solution for this particular
scenario.

Joshua D. Drake

--
Command Prompt, Inc. - http://www.commandprompt.com/
PostgreSQL Support, Training, Professional Services and Development
High Availability, Oracle Conversion, Postgres-XC
@cmdpromptinc - 509-416-6579