db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel John Debrunner <...@apache.org>
Subject Re: Q: Should Derby 10.3 be Derby 11?
Date Wed, 21 Feb 2007 06:00:02 GMT
David Van Couvering wrote:
> I would like to suggest we include the user community on this 
> discussion. It is the users who are most impacted by decisions around 
> security and compatibility.
> Making the call that secure-by-default trumps frictionless upgrade 
> really needs to be done with their input and overall approval.

No it doesn't. :-)

This is an Apache open source project, it's fine if the development 
community takes a project in a direction that doesn't match the current 
users' demands or expectations. Such a project will just end up with a 
different set of users.
Any user can always ensure their interests are represented in a project 
by becoming an active part of the development community.

> For example, if most people are using Derby embedded, then 
> secure-by-default in terms of authentication seems to me very low 
> priority. 

and so I assume you wouldn't work on it. But to someone else who cares 
about security in a network server environment it would be a high 
priority and so they would work on it, it's their itch to scratch.

> If I were a using Derby in embedded mode, and I were asked 
> which was more important, backward compatibility or secure by default, I 
> would definitely pick compatibility...

and someone else would pick secure by default, but it doesn't really 
matter. All that matters is who is willing to put in the development 
effort to make the changes happen, Apache is a "do-ocracy" -- power of 
those who do.

Note that I'm not suggesting the Derby development community should 
ignore its users, but there's more to it than just saying the majority 
of users do X so Y is or is not important. Derby has upgrade, backward 
compatibility, security etc. only because people were active* in the 
development community to make it happen. They scratched itches, and most 
of the time that benefits most of the community, some of the time it may 
only benefit a couple of people, it doesn't really matter.

*active here being making the changes, discussing various approaches, 
helping others, reviewing changes, running tests etc.

View raw message