Thread: [Fwd: General Information]
Hi guys, I just received this email, but don't have the energy to look after it. Does anyone else feel like helping out James here? Regards and best wishes, Justin Clift -------- Original Message -------- Subject: General Information Date: Fri, 4 Apr 2003 06:55:29 -0500 From: "James Lewis" <jlewisc399@rogers.com> Reply-To: <jlewis@golden.net> To: <justin@postgresql.org> Justin, We are considering using PostgreSQL as the backbone for hosting a new application suite. The appeal is obvious but what about security of data? What is the mechanism for securing the open source? How do developers submit source and who QA's it ? What is the performance and scalability like and has it been benched ? benched against other leading products such as MS, Progress, etc. Our initial thoughts are for an ASP modeled deployment with up to a thousand users per instantiated DB. Is the license owned by a trust whatsoever and is there a possibility of it being sold or differently licensed? Would there be limitations or agreements required to accompany our product once developed and licensed for use by customers ? Are there any software vendors creating apps with this backbone ? Anyone other than ISP / Webhosting types. What disadvantages should I consider ? James Lewis Professional Services LewisTech Consulting P# 416-993-4669 F# 416-597-8064 jlewis@golden.net www.golden.net/~jlewis
Attachment
On Friday 04 April 2003 19:06, you wrote: > Hi guys, > > I just received this email, but don't have the energy to look after it. > > Does anyone else feel like helping out James here? I will try but sending it out to list so that answers can be reviewed. So guys, please review it and forward it to OP if they are suitable. > > -------- Original Message -------- > Subject: General Information > Date: Fri, 4 Apr 2003 06:55:29 -0500 > From: "James Lewis" <jlewisc399@rogers.com> > Reply-To: <jlewis@golden.net> > To: <justin@postgresql.org> > > Justin, > > We are considering using PostgreSQL as the backbone for hosting a new > application suite. > > The appeal is obvious but what about security of data? What is the > mechanism for securing the open source? How do developers submit source > and who QA's it ? Only few developers have commit access to repository. They apply any patches people send. This core group has been working on postgresql for a long time and the membership of core group is awarded to only those who make significant contribution. No other person can alter the cvs repository. As far as QA is concerned, any bugs reported by users are prioritised and fixed as and when necessary. Those include all bugs ranging from adding/modifying patches to fixing functionalities to adding new features. > What is the performance and scalability like and has it been benched ? > benched against other leading products such as MS, Progress, etc. > Our initial thoughts are for an ASP modeled deployment with up to a > thousand users per instantiated DB. Database benchmark is a very thin ice to skate on. For that matter any other benchmark. A most recommended method is to set up a testbed and run your test yourselves. People here can help you to tune your database and application. As far as references are concerned, there are plenty of installations with data size around 10GB and few ranging more than 40 GB. I personally have benchamrked it for a dataset of 40GB and found it to be with 90-95% of oracle on a quad xeon machine. You need to setup the hardware considering your database load like number of concurrent users, size of data set and complexity of queries. That goes for any database. But postgresql can surely handle this kind of concurrent load given enough hardware resources. > Is the license owned by a trust whatsoever and is there a possibility of it > being sold or differently licensed? It is a BSD licensed code. So a company can take the product, commercialize it and sell it. However the real value comes from giving back to community because you earn trust and reputation that is probably worth more than direct business gains. I don't know if it can be packaged under different license but I believe should be possible. I recommend you study the license in detail. It is open and whatever is put up, that is the effective license. There is no hide and seek here. > Would there be limitations or agreements required to accompany our product > once developed and licensed for use by customers ? You mean you develop an app. on top of postgresql and customer need to install postgresql+your app.? In that case, they can just download the binaries/sources and install/manage themselves or pay a consultant/company to do that for them. There is no separate license required to use postgresql by an independent ISV or their customers. > What disadvantages should I consider ? Well, outside a relatively small community, postgresql does not have halo of it's commercial cousins. So selling it to management might be difficult initially. Other than that it does not beat commercial big boys as yet. But it is pretty close. And it does not have bloat associated with it. That's all I can think of, right now.. HTH Shridhar
On Friday 04 Apr 2003 4:48 pm, Shridhar Daithankar wrote: > On Friday 04 April 2003 19:06, you wrote: > > Hi guys, > > > > I just received this email, but don't have the energy to look after it. > > > > Does anyone else feel like helping out James here? > > I will try but sending it out to list so that answers can be reviewed. So > guys, please review it and forward it to OP if they are suitable. [snip] > > Is the license owned by a trust whatsoever and is there a possibility of > > it being sold or differently licensed? > > It is a BSD licensed code. So a company can take the product, commercialize > it and sell it. However the real value comes from giving back to community > because you earn trust and reputation that is probably worth more than > direct business gains. Nicely worded sir. > I don't know if it can be packaged under different license but I believe > should be possible. I recommend you study the license in detail. It is open > and whatever is put up, that is the effective license. There is no hide and > seek here. I'd snip the above paragraph and just recommend they get legal advice if they are planning to modify PG and resell it. > > Would there be limitations or agreements required to accompany our > > product once developed and licensed for use by customers ? > > You mean you develop an app. on top of postgresql and customer need to > install postgresql+your app.? In that case, they can just download the > binaries/sources and install/manage themselves or pay a consultant/company > to do that for them. There is no separate license required to use > postgresql by an independent ISV or their customers. Perhaps make it clear that the licence on PG has no effect on their schema, data or application. That's the usual concern I get with clients once I explain what open source is. -- Richard Huxton
People, Please look over my responses to make sure that I'm not putting my foot in anything: Mr. Lewis, > We are considering using PostgreSQL as the backbone for hosting a new > application suite. That's great! We'd be happy to feature you on the Advocacy site when you're up and running. > The appeal is obvious but what about security of data? Postgresql has a number of built-in security mechanisms, such as an ACL, schema, table, and object permissions, and MD5-encrypted passwords. Additionally, you could easily encrypt parts of your data through your middleware. If "bulletproof" security is a paramount concern, I recommend hiring a consultant with this area of expertise. > What is the > mechanism for securing the open source? I'm afraid I don't follow this question. What do you mean by "securing the Open Source?" > How do developers submit source > and who QA's it ? Source is submitted through CVS at developer.postgresql.org. Patches and features are approved or rejected by the 6-member core developer team, usually after a lively discussion on the developer mailing lists. Many new features are only added after surviving several months in production as optional patches in the "contrib" directory of the source tree. QA is done through the very active, 9000 + member online PostgreSQL community. Thanks to our many enthusiastic participants, we are able to test PostgreSQL in the field in amost every conceivable environment. Problems and bugs are reported to our mailing lists and quickly acted upon. For example, when the well-publicized zlib bug in 2001 was found to have affected PostgreSQL as well, a patched version was available in less than a week. > What is the performance and scalability like and has it been benched ? > benched against other leading products such as MS, Progress, etc. I personally use Postgres for 6 in-production commercial databases for my clients. Perhaps our strongest "scalability" demonstatration is by Afilias, who are hosting the .ORG registry on a PostgreSQL database. Regrettably, every benchmark I have yet seen in any online article is designed to favor the database whose team ran the benchmark. The database world is, at this time, lacking a relatively impartial, comprehensive set of database benchmarks. That being said, quite a few tests have been done on the speed issue alone. Rather than me hand-feeding you articles, I suggest that you "Google" for them; I think you'll find that on raw speed PostgreSQL comes out just behind MySQL or just ahead depending on who ran the test. > Our initial thoughts are for an ASP modeled deployment with up to a > thousand users per instantiated DB. Sounds good to me. > Is the license owned by a trust whatsoever and is there a possibility of it > being sold or differently licensed? No. > Would there be limitations or agreements required to accompany our product > once developed and licensed for use by customers ? No. PostgreSQL is BSD-licensed, and community-owned. See: http://www.postgresql.org/licence.html > Are there any software vendors creating apps with this backbone ? Anyone > other than ISP / Webhosting types. I'll have to research this for you. Unfortunately, while I personally know of several, they are not ready to go public with the technical details of their products. Hopefully someone else will come forward on one of our mailing lists. I personally develop custom, complex OLAP and scheduling applications based on PostgreSQL, and hundreds of members of our community do similar development. > What disadvantages should I consider ? None that I can think of, personally. But consider whom you're asking <grin>. Overall, I'd say that if you want to go further with this, you should hire an expert PostgreSQL consultant. Some are listed here: http://techdocs.postgresql.org/companies.php Good luck in your evaluation process. -- Josh Berkus PostgreSQL Advocacy Volunteer San Francisco
On Fri, 2003-04-04 at 10:48, Shridhar Daithankar wrote: > > What disadvantages should I consider ? > > Well, outside a relatively small community, postgresql does not have halo of > it's commercial cousins. So selling it to management might be difficult > initially. Other than that it does not beat commercial big boys as yet. But > it is pretty close. And it does not have bloat associated with it. > You might want to reword this or better define what "beat commercial big boys" means. Some folks might consider m$ sql server a commercial big boy, but I think we do beat them. It might be better to just say that postgresql does not have as many enterprise level add ons as oracle or db2, but for the majority of database applications it can act as quality substitute. Robert Treat
Shridhar,
Since nobody on this list has offered to synthesize our two responses, I will
do it and send it off to the requester.
--
-Josh Berkus
______AGLIO DATABASE SOLUTIONS___________________________
Josh Berkus
Complete information technology josh@agliodbs.com
and data management solutions (415) 565-7293
for law firms, small businesses fax 621-2533
and non-profit organizations. San Francisco