On Tue, Apr 2, 2013 at 11:41:46PM +0200, damien clochard wrote:
> What I am discussing is that most people consider that Heroku is a
> "database as a service" company, not a distributor of software. And the
> overall feeling among DBAs can be described as:
>
> "Why is Heroku so special? Why do I have to wait 4 days while they are
> allowed to upgrade before the security breach is fully disclosed?"
>
> In other words, we are sending a terrible message to our users. I
> understand that this bug cannot be discussed in public but the Heroku
> upgrade is public and therefore the PostgreSQL community needs to come
> up with an explanation to make things clear and avoid misunderstandings
> and frustration.

We realize this issue has become public and the core team is planning to
post an updated set of rules on how major security releases are
distributed, probably on or shortly after the Thursday release. I will
send this email to core so they are aware of it.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +