Adrian Klaver-3 wrote
> On 04/08/2013 05:50 PM, Josh Berkus wrote:
>>
>>> Agreed. As far as I can see things where handled in the Postgres way,
>>> when in doubt err on the side of caution. I applaud the efforts of those
>>> concerned and trust in their ability to build on the experience.
>>
>> Mostly I'd rather be arguing as to whether or not we should have given
>> Heroku early deployment vs. arguing whether or not we could have
>> prevented them from being hacked. The same goes for other users, which
>> is why we're discussing policy now.
>
> I am going to admit to being dense, but is it not the same thing?
I agree it's better to forego open source doctrine in the interest of
preventing a larger evil. If we had not given Heroku early acces and they
got hacked then the discussion would revolve around how said hack could have
been prevented instead. The is decidedly a worse discussion then making
them a special class of user. If not every person could be given "early
access" then whether someone is given access is irrelevant to another's
circumstance. Did anyone else even ask the question of special early access
terms? These kinds of decisions are why a -core group exists instead of
there simply being a communal repository to which anyone can contribute and
use. Not everything can be planned for in advance and so those unplanned
situations are delegated to a previously designated group of decision
makers. If people feel the current default process is insufficient they
should have spoken up before now and not when a special case was decided as
being necessary. This will hopefully impact the future but looking back the
process worked well and as intended.
David J.
--
View this message in context:
http://postgresql.1045698.n5.nabble.com/Heroku-early-upgrade-is-raising-serious-questions-tp5750503p5751367.html
Sent from the PostgreSQL - advocacy mailing list archive at Nabble.com.
