Re: Heroku early upgrade is raising serious questions

Jean-Paul Argudo-6 wrote
> Yeah, this is becoming awfully difficult IMHO.
>
> Lots of people on this list, and Im part of it, want to have users
> treated equally and carrefully.

If it is felt that a legal hammer hanging over their head is necessary to
get someone abide by the terms of the early release then that company/person
should simply not be given access.

There is a happy medium between "do nothing special" and "have an ironclad
policy in place" that is worth exploring.  Those who do not make the
"special" listing are only minimally worse off in that some people have the
code and could exploit that fact.  If the risk of such pre-exploitation is
considerably less than the risk of normal exploitation once the code is
released then the risk-reward balance for the community as a whole suggests
that early release is preferable.

The question I guess is whether you believe the people being dealt with are
inherently good or bad.  People with long track records of contributing to
the project and with high-profile stacks in the project succeeding should
have enough self-preservation interest in seeing that the code is kept
secure just to maintain their reputation, credibility, and business.

It would be worth inspecting the release policy and making sure that the
fewest number of people have access to the source code during the embargo
period.  In effect Heroku should have a single person apply the patch and
build their internal distributions and then invoke their own internal
embargo so that no-one in the company would be allowed to see that
patch/source; they are only allowed to deploy the binary distributions.

David J.




--
View this message in context:
http://postgresql.1045698.n5.nabble.com/Heroku-early-upgrade-is-raising-serious-questions-tp5750503p5752192.html
Sent from the PostgreSQL - advocacy mailing list archive at Nabble.com.