Re: [Fwd: General Information]

People,

Please look over my responses to make sure that I'm not putting my foot in
anything:

Mr. Lewis,

> We are considering using PostgreSQL as the backbone for hosting a new
> application suite.

That's great! We'd be happy to feature you on the Advocacy site when you're
up and running.

> The appeal is obvious but what about security of data?

Postgresql has a number of built-in security mechanisms, such as an ACL,
schema, table, and object permissions, and MD5-encrypted passwords.
Additionally, you could easily encrypt parts of your data through your
middleware. If "bulletproof" security is a paramount concern, I recommend
hiring a consultant with this area of expertise.

> What is the
> mechanism for securing the open source?

I'm afraid I don't follow this question. What do you mean by "securing the
Open Source?"

> How do developers submit source
> and who QA's it ?

Source is submitted through CVS at developer.postgresql.org. Patches and
features are approved or rejected by the 6-member core developer team,
usually after a lively discussion on the developer mailing lists. Many new
features are only added after surviving several months in production as
optional patches in the "contrib" directory of the source tree.

QA is done through the very active, 9000 + member online PostgreSQL community.
Thanks to our many enthusiastic participants, we are able to test PostgreSQL
in the field in amost every conceivable environment. Problems and bugs are
reported to our mailing lists and quickly acted upon. For example, when the
well-publicized zlib bug in 2001 was found to have affected PostgreSQL as
well, a patched version was available in less than a week.

> What is the performance and scalability like and has it been benched ?
> benched against other leading products such as MS, Progress, etc.

I personally use Postgres for 6 in-production commercial databases for my
clients. Perhaps our strongest "scalability" demonstatration is by Afilias,
who are hosting the .ORG registry on a PostgreSQL database.

Regrettably, every benchmark I have yet seen in any online article is designed
to favor the database whose team ran the benchmark. The database world is,
at this time, lacking a relatively impartial, comprehensive set of database
benchmarks.

That being said, quite a few tests have been done on the speed issue alone.
Rather than me hand-feeding you articles, I suggest that you "Google" for
them; I think you'll find that on raw speed PostgreSQL comes out just behind
MySQL or just ahead depending on who ran the test.

> Our initial thoughts are for an ASP modeled deployment with up to a
> thousand users per instantiated DB.

Sounds good to me.

> Is the license owned by a trust whatsoever and is there a possibility of it
> being sold or differently licensed?

No.

> Would there be limitations or agreements required to accompany our product
> once developed and licensed for use by customers ?

No. PostgreSQL is BSD-licensed, and community-owned. See:
http://www.postgresql.org/licence.html

> Are there any software vendors creating apps with this backbone ? Anyone
> other than ISP / Webhosting types.

I'll have to research this for you. Unfortunately, while I personally know of
several, they are not ready to go public with the technical details of their
products. Hopefully someone else will come forward on one of our mailing
lists.

I personally develop custom, complex OLAP and scheduling applications based on
PostgreSQL, and hundreds of members of our community do similar development.

> What disadvantages should I consider ?

None that I can think of, personally. But consider whom you're asking <grin>.

Overall, I'd say that if you want to go further with this, you should hire an
expert PostgreSQL consultant. Some are listed here:
http://techdocs.postgresql.org/companies.php

Good luck in your evaluation process.

--
Josh Berkus
PostgreSQL Advocacy Volunteer
San Francisco