Re: Heroku early upgrade is raising serious questions - Mailing list pgsql-advocacy

From Jean-Paul Argudo
Subject Re: Heroku early upgrade is raising serious questions
Date
Msg-id 1366104400.4083.17.camel@deiphobe
Whole thread Raw
In response to Re: Heroku early upgrade is raising serious questions  (Dimitri Fontaine <dimitri@2ndQuadrant.fr>)
Responses Re: Heroku early upgrade is raising serious questions
List pgsql-advocacy
Hi All,


First, thanks for your comments. This discussion is very interesting.

Le mardi 16 avril 2013 à 09:21 +0200, Dimitri Fontaine a écrit :
> Bruce Momjian <bruce@momjian.us> writes:
> > People will not be happy if we add people to packagers and someone leaks
> > information to hackers before the official release.
>
> Indeed. That's the way it works today, though.

Yes, true. I see no solution to this problem. Thats why I suggested our
community doesn't deal with it, since every solution we may find will be
surely incomplete if not wrong.

I really doubt we find some kind of solution like "one fits all".

One can play with words (or pictures :-P), but is it really to us, as a
community, to fix one's particular problems?

>> Again, the damage is done if someone leaks information, and being
> > removed from packagers doesn't fix the security problem for everyone
> > else. We just can't have an iterative process here were we guess who is
> > trust-worthy and vulnerable, and then remove people when we are wrong.
>
> Agreed. It's a problem of trust, not of procedure, and that's what I
> wanted to stress in my previous email by saying that we already have the
> procedure. Thanks for underlining it.

So you both agreed on the 1st mail of this thread, at least on the
problem I tried to explain (apologies, I'm quoting myself):

  The fundamental question then, is how organizations qualify to become
  "trusted organizations" ?

On this point, AFAIK, there's still no answer.

> Regards,
> --
> Dimitri Fontaine
> http://2ndQuadrant.fr     PostgreSQL : Expertise, Formation et Support


--
Jean-Paul Argudo
www.PostgreSQL.fr




pgsql-advocacy by date:

Previous
From: Dimitri Fontaine
Date:
Subject: Re: Speaking of event triggers ...
Next
From: Jean-Paul Argudo
Date:
Subject: Re: Heroku early upgrade is raising serious questions