Can: yes. Should: no.
I would be really saddened to see companies being able to buy security by
throwing money at us. That makes us look like we can be bought. And that sends
the wrong signal, from my perspective. Timely security updates should be
available to everyone.
Should enterprises sponsor the DSF, open source projects, or the open source
community in general: yes, absolutely.
What we could think about is something where companies above a yearly revenue
of US$ x need to sponsor in order to be on a pre-notification list. But the
moment we do that we put people's data at risk. A company that doesn't want to
pay for that sponsorship and thus won't get pre-notifications may remain on an
insecure version longer that they should or would if they had received a
pre-notification. And that's terrible as well.
My 2ยข
Markus
On Wed, Oct 3, 2018, at 9:14 AM, Carlton Gibson wrote:
>
> On Sunday, 30 September 2018 06:51:41 UTC+2, James Bennett wrote:
> >
> > Does anyone else have feedback on this? I'd like to push it forward.
> >
>
> I don't know if this would fly but, given that pre-notification is mainly
> thought of for large-scale ("enterprise"?) deployments that can't
> realistically "Just Update!",
> could we make Corporate Sponsorship of the DSF a requirement for
> pre-notification? (These are big companies, with payroll. A sponsorship is
> loose change in this context, and may at least encourage trying to
> update...)
>
> (Just a thought.)
>
> C.
>
> --
> You received this message because you are subscribed to the Google
> Groups "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to django-developers@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-developers.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/b3f4aa4c-9b00-41ac-8668-87ffa570f2d6%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/1538558277.1719089.1528965704.3DA7E4ED%40webmail.messagingengine.com.
For more options, visit https://groups.google.com/d/optout.
