Re: Heroku early upgrade is raising serious questions

From: Dimitri Fontaine <dimitri(at)2ndQuadrant(dot)fr>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Andres Freund <andres(at)2ndquadrant(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Michael Meskes <meskes(at)postgresql(dot)org>, Dave Page <dpage(at)pgadmin(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com>, Adrian Klaver <adrian(dot)klaver(at)gmail(dot)com>, damien clochard <damien(at)dalibo(dot)info>, "Jonathan S(dot) Katz" <jonathan(dot)katz(at)excoventures(dot)com>, PostgreSQL Advocacy <pgsql-advocacy(at)postgresql(dot)org>
Subject: Re: Heroku early upgrade is raising serious questions
Date: 2013-04-09 21:57:40
Message-ID: m2ppy374ff.fsf@2ndQuadrant.fr
Lists: pgsql-advocacy

Stephen Frost <sfrost(at)snowman(dot)net> writes:
> That does not address the large-scale deployments where upgrades also
> take a very significant amount of time. If we are to provide them with
> the information ahead of the release, as they are trusted, I do not
> believe it makes any sense to prevent them from upgrading their systems
> until the information is out in the open.

+1

> Weighing the needs of various communities along with their risk profiles
> and trustworthiness is a very difficult thing, but once vetted and
> approved for early access, they should be encouraged to do as much as
> they can to ensure they are not vulnerable provided that they are able
> to do so without disclosing sensitive information.

+1

And no ssh access to the servers seems like it applied.

The trust problem has just been presented to me in another phrasing that
we might want to be addressing: the level of trust we have into those
people who receive the information early obviously includes they not
perusing the information to exploit users (e.g. from competitive
places).

As obvious as it sounds, we have to write it down in the docs currently
being edited, I think.

Regards,
--
Dimitri Fontaine
http://2ndQuadrant.fr PostgreSQL: Expertise, Training and Support
