David Van Couvering wrote:
I would like to suggest we include the user community on this
discussion. It is the users who are most impacted by decisions around
security and compatibility.
Making the call that secure-by-default trumps frictionless upgrade
really needs to be done with their input and overall approval.
No it doesn't. :-)
This is an Apache open source project, it's fine if the development
community takes a project in a direction that doesn't match the current
users' demands or expectations. Such a project will just end up with a
different set of users.
Any user can always ensure their interests are represented in a project
by becoming an active part of the development community.
For example, if most people are using Derby embedded, then
secure-by-default in terms of authentication seems to me very low
priority.
and so I assume you wouldn't work on it. But to someone else who cares
about security in a network server environment it would be a high
priority and so they would work on it, it's their itch to scratch.
If I were a using Derby in embedded mode, and I were asked
which was more important, backward compatibility or secure by default, I
would definitely pick compatibility...
and someone else would pick secure by default, but it doesn't really
matter. All that matters is who is willing to put in the development
effort to make the changes happen, Apache is a "do-ocracy" -- power of
those who do.
Note that I'm not suggesting the Derby development community should
ignore its users, but there's more to it than just saying the majority
of users do X so Y is or is not important. Derby has upgrade, backward
compatibility, security etc. only because people were active* in the
development community to make it happen. They scratched itches, and most
of the time that benefits most of the community, some of the time it may
only benefit a couple of people, it doesn't really matter.
Dan.
*active here being making the changes, discussing various approaches,
helping others, reviewing changes, running tests etc.
