Re: Heroku early upgrade is raising serious questions - Mailing list pgsql-advocacy

From Andres Freund
Subject Re: Heroku early upgrade is raising serious questions
Date
Msg-id 20130409165516.GA27905@awork2.anarazel.de
In response to Re: Heroku early upgrade is raising serious questions  (Stephen Frost <sfrost@snowman.net>)
Responses Re: Heroku early upgrade is raising serious questions  (Stephen Frost <sfrost@snowman.net>)
List pgsql-advocacy
On 2013-04-09 12:29:37 -0400, Stephen Frost wrote:
> * Joshua D. Drake (jd@commandprompt.com) wrote:
> > On 04/09/2013 09:01 AM, Michael Meskes wrote:
> > >>Well no because traditional packagers all release at the same time
> > >>so that there is no disparity between when Ubuntu gets the fix and
> > >>Solaris gets the fix.
> > >
> > >So what do I misunderstand? As far as I read it, Damien said all should get the
> > >fix at the same time, right? Which is what you say and also what Dave said,
> > >isn't it? I think the question we're dancing around here is, should anyone be
> > >allowed to deploy before the embargo is over? I don't mind DBaaS providers
> > >getting the fix early, but I mind seeing it deployed early.
> >
> > Maybe I wasn't clear, sorry. No. I do not believe that ANY entity
> > should be able to deploy before the embargo is over.
>
> Then perhaps I'm missing something, but what's the point in getting the
> update if you can't actually apply it until everyone (including the bad
> guys) knows about it?  Particularly when applying it is going to take a
> whole lot more time than it takes for the bad guys to probe your systems
> and figure out which aren't patched yet...

Patching, packaging and verifying that the package works takes time,
especially if you run a modified version of postgres.

Greetings,

Andres Freund

--
 Andres Freund                       http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services

