On Mon, Apr 08, 2013 at 06:58:57PM -0400, Jonathan S. Katz wrote:
> In this specific case, DBaaS providers were exposed to a bug that is
> relatively easy to exploit with potentially dire consequences that could
> potentially ruin many, many businesses (I do not want to give a bad estimate,
> so I won't provide a number). Let's say this horrible scenario happened:
So you're saying we make it dependant on how many business critical
installations a provider runs? In theory that makes a lot of sense, but in
reality I fail to see how to do this.
> sure, people could say that a DBaaS provider did not adequately secure their
> system, but fingers could also be pointed at the community for a) having a
> security hole in the first place (as ludicrous as that sounds to us as we
> know that software is flawed AND Postgres has an *excellent* track record for
> security) and b) not recognizing the damage that could be caused by not
> permitting systems considered to be "critical infrastructure" early access to
> a fix.
How about a big corporate user where PostgreSQL is the backbone? Wouldn't look
good for us either, but not being a DBaaS provider they are not in our focus
here. Makes me wonder why.
Michael
--
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Michael at BorussiaFan dot De, Meskes at (Debian|Postgresql) dot Org
Jabber: michael.meskes at gmail dot com
VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL
