Re: Heroku early upgrade is raising serious questions
| From | Stephen Frost |
|---|---|
| Subject | Re: Heroku early upgrade is raising serious questions |
| Date | |
| Msg-id | 20130418000446.GD4361@tamriel.snowman.net |
| In reply to | Re: Heroku early upgrade is raising serious questions (Bruce Momjian <bruce@momjian.us>) |
| List | pgsql-advocacy |

* Bruce Momjian (bruce@momjian.us) wrote:
> These are all good points. The vulnerability that got Heroku early
> access was a network port vulnerability. A different type of
> vulnerability might _not_ have gotten them early access, and might have
> gotten someone else early access. This port vulnerability was of a
> severity that historically we only see every five years, so it is hard
> to come up with a policy that might not be exercised for another five
> years.

I'm not a fan of building some massive table of who has what exposures
that we need to go and consult every time we have a security fix.
There's either "ok, certain people should know about this ahead of time"
and "this is small-potatoes and doesn't really need early notice", which
mainly boils down into unauthenticated vs. authenticated
vulnerabilities, imv.

I do agree, however, that each security issue needs to be considered
independently on a case-by-case basis.

Thanks,

Stephen