Thread: patch - BigSQL packages on Download

Hi

On Fri, Apr 29, 2016 at 5:15 PM, Rader, David <davidr@openscg.com> wrote:
> Attached is a proposed patch for the Windows, OS X, and Linux download pages
> to include the BigSQL.org packages for download.
>
> Please review for approval

I think there are a number of issues with this:

- The descriptions should be kept much shorter, a couple of lines at
most like the other entries.

- There are factual inaccuracies - your toolchain is not 100% Open
Source as stated. BitRock InstallBuilder is closed source.

- I don't believe one platforms description should discuss other
platforms - e.g, lose "This distribution is consistent across Windows,
Mac OS X, and Linux". If the general feeling is that it should be
included, then it should be added for the EDB packages as well.

- There should not be any mention of sandboxes on these pages. These
are intended to be very simple pages getting users up and running with
minimal confusion, not listing every possible option available to
them.

In general though, I do not feel it's appropriate to list these
packages at all, given that they make silent outbound HTTP calls
during installation, without the user being made aware of that or
being given any option to object. That could easily be considered a
privacy issue by people, one that may come back to bite us for hosting
the downloads on our primary listing.

I'm also somewhat concerned by some Python services that were left
running when I tried out the Mac version. Why would I have any Python
services running when I've installed PostgreSQL? If they're used by
your package manager, why are they not started and stopped as
required?

[Opinions are mine as a community member, not my employers]

-- 
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

On Tue, May 3, 2016 at 10:00 AM, Dave Page <dpage@pgadmin.org> wrote:
> Hi
>
> On Fri, Apr 29, 2016 at 5:15 PM, Rader, David <davidr@openscg.com> wrote:
>> Attached is a proposed patch for the Windows, OS X, and Linux download pages
>> to include the BigSQL.org packages for download.
>>
>> Please review for approval
>
> I think there are a number of issues with this:
>
> - The descriptions should be kept much shorter, a couple of lines at
> most like the other entries.
>
> - There are factual inaccuracies - your toolchain is not 100% Open
> Source as stated. BitRock InstallBuilder is closed source.

Not to mention that you've used Microsoft VC++ to build pgAdmin III.

-- 
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

On 05/03/2016 02:00 AM, Dave Page wrote:

> In general though, I do not feel it's appropriate to list these
> packages at all, given that they make silent outbound HTTP calls
> during installation, without the user being made aware of that or
> being given any option to object. That could easily be considered a
> privacy issue by people, one that may come back to bite us for hosting
> the downloads on our primary listing.

I was under the impression that it is not in fact silent and that the 
page says what it is doing?

David, can you explain what is going on here?

Sincerely,

JD



-- 
Command Prompt, Inc.                  http://the.postgres.company/                        +1-503-667-4564
PostgreSQL Centered full stack support, consulting and development.
Everyone appreciates your honesty, until you are honest with them.

On 05/03/2016 09:51 AM, Rader, David wrote:
> Josh -
>
> There are 2 types http requests - the first being to download pgAdmin or
> PostgreSQL Studio if selected by the user.  The description for those
> components says that a xxMB download is required and the user could
> choose to not install them to avoid the http request.

O.k. this one I think is fine and reasonable.

>
> The 2nd type is to update the list of components and versions available
> for install or update - which we are going to change to be explicit
> rather than implicit. I think _most_ users today expect auto checks to
> see if updates are available (think every smart phone, modern OS X and
> Windows, desktop apps like Atom, etc, etc). But it's not the majority of
> casual users that complain about privacy issues - it's the small group
> of vocal people concerned enough to look that do. So we are going to
> change to not update the package list during the install but leave it to
> the user for afterwards.

If it were me, I would use a static list and have a button that says:

Would you like to update the list of components available for download 
(Internet connection needed)? Yes/No

And run with that.

Sincerely,

JD

-- 
Command Prompt, Inc.                  http://the.postgres.company/                        +1-503-667-4564
PostgreSQL Centered full stack support, consulting and development.
Everyone appreciates your honesty, until you are honest with them.

> On 3 May 2016, at 17:31, Joshua D. Drake <jd@commandprompt.com> wrote:
>
>> On 05/03/2016 02:00 AM, Dave Page wrote:
>>
>> In general though, I do not feel it's appropriate to list these
>> packages at all, given that they make silent outbound HTTP calls
>> during installation, without the user being made aware of that or
>> being given any option to object. That could easily be considered a
>> privacy issue by people, one that may come back to bite us for hosting
>> the downloads on our primary listing.
>
> I was under the impression that it is not in fact silent and that the page says what it is doing?

Perhaps you should try it? It was obvious you hadn't the last time you made various assertions about the distribution
incomparison to EDBs. 

Uninformed comments don't help anyone here.

Josh - 

There are 2 types http requests - the first being to download pgAdmin or PostgreSQL Studio if selected by the user.  The description for those components says that a xxMB download is required and the user could choose to not install them to avoid the http request.

The 2nd type is to update the list of components and versions available for install or update - which we are going to change to be explicit rather than implicit. I think _most_ users today expect auto checks to see if updates are available (think every smart phone, modern OS X and Windows, desktop apps like Atom, etc, etc). But it's not the majority of casual users that complain about privacy issues - it's the small group of vocal people concerned enough to look that do. So we are going to change to not update the package list during the install but leave it to the user for afterwards.

-Dave

--

David Rader

davidr@openscg.com

On Tue, May 3, 2016 at 12:31 PM, Joshua D. Drake <jd@commandprompt.com> wrote:

On 05/03/2016 02:00 AM, Dave Page wrote:

In general though, I do not feel it's appropriate to list these
packages at all, given that they make silent outbound HTTP calls
during installation, without the user being made aware of that or
being given any option to object. That could easily be considered a
privacy issue by people, one that may come back to bite us for hosting
the downloads on our primary listing.

I was under the impression that it is not in fact silent and that the page says what it is doing?

David, can you explain what is going on here?

Sincerely,

JD

--
Command Prompt, Inc.                  http://the.postgres.company/
                        +1-503-667-4564
PostgreSQL Centered full stack support, consulting and development.
Everyone appreciates your honesty, until you are honest with them.

On 05/03/2016 11:42 AM, Dave Page wrote:
>
>
>> On 3 May 2016, at 17:31, Joshua D. Drake <jd@commandprompt.com> wrote:
>>
>>> On 05/03/2016 02:00 AM, Dave Page wrote:
>>>
>>> In general though, I do not feel it's appropriate to list these
>>> packages at all, given that they make silent outbound HTTP calls
>>> during installation, without the user being made aware of that or
>>> being given any option to object. That could easily be considered a
>>> privacy issue by people, one that may come back to bite us for hosting
>>> the downloads on our primary listing.
>>
>> I was under the impression that it is not in fact silent and that the page says what it is doing?
>
> Perhaps you should try it? It was obvious you hadn't the last time you made various assertions about the distribution
incomparison to EDBs.
 

My comment was directed at David, not at you. I was told it acted 
differently than what you said it did. I was trying to make sure that 
all conversations were happening in the open.

>
> Uninformed comments don't help anyone here.
>

Agreed, so please get your facts straight before you assume that I was 
acting in bad faith.

Sincerely,

JD


-- 
Command Prompt, Inc.                  http://the.postgres.company/                        +1-503-667-4564
PostgreSQL Centered full stack support, consulting and development.
Everyone appreciates your honesty, until you are honest with them.

> On 3 May 2016, at 21:06, Joshua D. Drake <jd@commandprompt.com> wrote:
>
>> On 05/03/2016 11:42 AM, Dave Page wrote:
>>
>>
>>>> On 3 May 2016, at 17:31, Joshua D. Drake <jd@commandprompt.com> wrote:
>>>>
>>>> On 05/03/2016 02:00 AM, Dave Page wrote:
>>>>
>>>> In general though, I do not feel it's appropriate to list these
>>>> packages at all, given that they make silent outbound HTTP calls
>>>> during installation, without the user being made aware of that or
>>>> being given any option to object. That could easily be considered a
>>>> privacy issue by people, one that may come back to bite us for hosting
>>>> the downloads on our primary listing.
>>>
>>> I was under the impression that it is not in fact silent and that the page says what it is doing?
>>
>> Perhaps you should try it? It was obvious you hadn't the last time you made various assertions about the
distributionin comparison to EDBs. 
>
> My comment was directed at David, not at you. I was told it acted differently than what you said it did. I was trying
tomake sure that all conversations were happening in the open. 

Your quote attribution would indicate otherwise.

>
>>
>> Uninformed comments don't help anyone here.
>>
>
> Agreed, so please get your facts straight before you assume that I was acting in bad faith.

Perhaps you could indicate what facts I haven't got straight, as I'm unaware of anything I've got wrong.

Thanks.

On 05/03/2016 01:25 PM, Dave Page wrote:

>> Agreed, so please get your facts straight before you assume that I was acting in bad faith.
>
> Perhaps you could indicate what facts I haven't got straight, as I'm unaware of anything I've got wrong.

Perhaps we are just having a classic email miscommunication but my only 
goal with this thread is to insure that OpenSCG is represented properly 
for the community work that they are doing.

Sincerely,

JD


-- 
Command Prompt, Inc.                  http://the.postgres.company/                        +1-503-667-4564
PostgreSQL Centered full stack support, consulting and development.
Everyone appreciates your honesty, until you are honest with them.

On 05/03/2016 02:00 AM, Dave Page wrote:
> Hi
>
> On Fri, Apr 29, 2016 at 5:15 PM, Rader, David <davidr@openscg.com> wrote:
>> Attached is a proposed patch for the Windows, OS X, and Linux download pages
>> to include the BigSQL.org packages for download.

> - I don't believe one platforms description should discuss other
> platforms - e.g, lose "This distribution is consistent across Windows,
> Mac OS X, and Linux". If the general feeling is that it should be
> included, then it should be added for the EDB packages as well.

I actually think this would be a good thing for both installers. It 
might lend to further popularity among developers who are testing.

Sincerely,

JD


-- 
Command Prompt, Inc.                  http://the.postgres.company/                        +1-503-667-4564
PostgreSQL Centered full stack support, consulting and development.
Everyone appreciates your honesty, until you are honest with them.