Re: Heroku early upgrade is raising serious questions
От | Jean-Paul Argudo |
---|---|
Тема | Re: Heroku early upgrade is raising serious questions |
Дата | |
Msg-id | 1366011777.4112.27.camel@deiphobe обсуждение исходный текст |
Ответ на | Re: Heroku early upgrade is raising serious questions (Stephen Frost <sfrost@snowman.net>) |
Ответы |
Re: Heroku early upgrade is raising serious questions
(Selena Deckelmann <selena@chesnok.com>)
Re: Heroku early upgrade is raising serious questions (Dimitri Fontaine <dimitri@2ndQuadrant.fr>) Re: Heroku early upgrade is raising serious questions (David Johnston <polobo@yahoo.com>) |
Список | pgsql-advocacy |
Hi Stephen, Hi all, First, Stephen, please apology the short quote of your mail below. Le vendredi 12 avril 2013 à 09:18 -0400, Stephen Frost a écrit : > I > don't think that means we should give up on having a security policy > which allows early access to trusted organizations. So I just quoted this sentence. Actually, I wanted to quote only 2 words: "trusted organizations". If we want to still deliver early accesses to some and not to the others, then, yes, we would want "trusted organizations". The fundamental question then, is how organizations qualify to become "trusted organizations" ? In the commercial~business'world that's quite obvious. Some pay for it, others signs Non-Disclosure Agreement, often both. But who will pay for what, given our organization doesn't have a single legal and central entity? If someone tells me about PostgreSQL Canada: do this organization has lawyers or is willing to pay for some ? Will this be appliable globally ? US or Can laws applies everywhere, really? Yeah, this is becoming awfully difficult IMHO. Lots of people on this list, and Im part of it, want to have users treated equally and carrefully. Saying one organization matters more than another just because it has more users or postmasters is wrong to me. We all know lots of places where a single postmaster holds such important data, sometimes managing somewhat people's life! Will we then compare among databases, who has the most important? How we will do that? How will you 'trust' a company which has 5,50,500,5000 people in it ? All these questions leads to undecidability, IMHO. To me the only way to do is give the access to all at the same time, despite all the problems that may occurs. Yes, it's the "hard way", but it's the only one leading to the equalty we want. It's not a community matter to care about commercial issues, to validate or invalidate one's business plan or whatever. People who really care about the security of their users will have to do the necessary efforts and machinery to think about a deployment plan when a security patch is commited. Don't read me too fast: I like Heroku a lot. I really appreciate all their efforts, sponsoring and incentive, putting the spotlights on PostgreSQL. I also like having more beer tickets like you all on the events :-P But do we, as a community, have to care about how they do business with PostgreSQL ? I don't think so. My 2 cents. -- Jean-Paul Argudo www.PostgreSQL.fr www.Dalibo.com
В списке pgsql-advocacy по дате отправления:
Следующее
От: Selena DeckelmannДата:
Сообщение: Re: Heroku early upgrade is raising serious questions