Jean-Paul Argudo <jean-paul(at)postgres(dot)fr> writes:
> The fundamental question then, is how organizations qualify to become
> "trusted organizations" ?
From my understanding of the current situation, it's quite easy and
clear, arrange to be subscriber on pgsql-packagers.
Maybe what we need to do is document that to get early access to
security updates you need to be registered as a packager, and that we
only accept trusted person in there.
Then any packager is trusted to release the upgrade either in the open
following the public rules, or otherwise as he sees fit with *explicit
approval* from core.
The procedure certainly would need to be specific that should you fail
to follow those 2 easy to document cases, you can get removed from the
packagers list.
> Lots of people on this list, and Im part of it, want to have users
> treated equally and carrefully.
I can't resist, please don't mix equality and equity. See attached, as
pictures work so much better than written words.
Regards,
--
Dimitri Fontaine
http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support
