Bruce Momjian <bruce@momjian.us> writes:
> People will not be happy if we add people to packagers and someone leaks
> information to hackers before the official release.
Indeed. That's the way it works today, though.
> Again, the damage is done if someone leaks information, and being
> removed from packagers doesn't fix the security problem for everyone
> else. We just can't have an iterative process here were we guess who is
> trust-worthy and vulnerable, and then remove people when we are wrong.
Agreed. It's a problem of trust, not of procedure, and that's what I
wanted to stress in my previous email by saying that we already have the
procedure. Thanks for underlining it.
Regards,
--
Dimitri Fontaine
http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support