Can: yes. Should: no. I would be really saddened to see companies being able to buy security by throwing money at us. That makes us look like we can be bought. And that sends the wrong signal, from my perspective. Timely security updates should be available to everyone.
Should enterprises sponsor the DSF, open source projects, or the open source community in general: yes, absolutely. What we could think about is something where companies above a yearly revenue of US$ x need to sponsor in order to be on a pre-notification list. But the moment we do that we put people's data at risk. A company that doesn't want to pay for that sponsorship and thus won't get pre-notifications may remain on an insecure version longer that they should or would if they had received a pre-notification. And that's terrible as well. My 2ยข Markus On Wed, Oct 3, 2018, at 9:14 AM, Carlton Gibson wrote: > > On Sunday, 30 September 2018 06:51:41 UTC+2, James Bennett wrote: > > > > Does anyone else have feedback on this? I'd like to push it forward. > > > > I don't know if this would fly but, given that pre-notification is mainly > thought of for large-scale ("enterprise"?) deployments that can't > realistically "Just Update!", > could we make Corporate Sponsorship of the DSF a requirement for > pre-notification? (These are big companies, with payroll. A sponsorship is > loose change in this context, and may at least encourage trying to > update...) > > (Just a thought.) > > C. > > -- > You received this message because you are subscribed to the Google > Groups "Django developers (Contributions to Django itself)" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to django-developers+unsubscr...@googlegroups.com. > To post to this group, send email to django-developers@googlegroups.com. > Visit this group at https://groups.google.com/group/django-developers. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-developers/b3f4aa4c-9b00-41ac-8668-87ffa570f2d6%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/1538558277.1719089.1528965704.3DA7E4ED%40webmail.messagingengine.com. For more options, visit https://groups.google.com/d/optout.