Re: Heroku early upgrade is raising serious questions - Mailing list pgsql-advocacy

From Jean-Paul Argudo
Subject Re: Heroku early upgrade is raising serious questions
Date
Msg-id 1366011777.4112.27.camel@deiphobe
In response to Re: Heroku early upgrade is raising serious questions  (Stephen Frost <sfrost@snowman.net>)
List pgsql-advocacy
Hi Stephen, Hi all,


First, Stephen, please excuse the short quote of your mail below.

On Friday, 12 April 2013 at 09:18 -0400, Stephen Frost wrote:
> I don't think that means we should give up on having a security policy
> which allows early access to trusted organizations.

So I just quoted this sentence. Actually, I wanted to quote only 2
words: "trusted organizations".

If we still want to give early access to some and not to
others, then, yes, we would want "trusted organizations".

The fundamental question, then, is how do organizations qualify to become
"trusted organizations"?

In the commercial/business world that's quite obvious. Some pay for it,
others sign a Non-Disclosure Agreement, often both.

But who will pay for what, given our organization doesn't have a single
legal and central entity? If someone tells me about PostgreSQL Canada:
does this organization have lawyers, or is it willing to pay for some? Will
this be applicable globally? Do US or Canadian laws apply everywhere, really?

Yeah, this is becoming awfully difficult IMHO.

Lots of people on this list, and I'm part of it, want to have users
treated equally and carefully.

Saying one organization matters more than another just because it has
more users or postmasters is wrong to me. We all know lots of places
where a single postmaster holds such important data, sometimes
somewhat managing people's lives!

Will we then compare among databases, who has the most important? How
will we do that?

How will you 'trust' a company which has 5, 50, 500, 5000 people in it?

All these questions lead to undecidability, IMHO.

To me the only way to go is to give access to all at the same time,
despite all the problems that may occur. Yes, it's the "hard way", but
it's the only one leading to the equality we want.

It's not a community matter to care about commercial issues, to validate
or invalidate one's business plan or whatever.

People who really care about the security of their users will have to put
in the necessary effort and machinery to think about a deployment plan
when a security patch is committed.

Don't read me too fast: I like Heroku a lot. I really appreciate all
their efforts, sponsoring and incentive, putting the spotlight on
PostgreSQL. I also like having more beer tickets like you all at the
events :-P

But do we, as a community, have to care about how they do business with
PostgreSQL? I don't think so.


My 2 cents.

--
Jean-Paul Argudo
www.PostgreSQL.fr
www.Dalibo.com


