Comparing vaccines to software is an analogy I find very nutrient-rich. Basically, it can illustrate many points pro and contra, depending on what direction you're coming from.
Pushing webapp code to master certainly won't result in rockets launch, if only because no sane person physically connects launching platform to build server ("no biological pathway"). On the other hand, deploying build artifacts carries much more risk. This risk is usually mitigated by extensive multi-level testing and appropriate live monitoring. In addition, the target environment for software is, at least theoretically, fully tractable. I.e. it can be de-constructed and understood to the very last bit. It is also fully human-made and controllable, without random nuclear reactors hooked up to web server. If such invariants cannot be established, I think it is not ethical for a senior software engineer to approve mandatory wide-scale deployment. Under such conditions the decision must be strictly on the owner of each server.
In case of vaccine we deal with infinite number of reasonably unique "environments" - human bodies. We know that each of these "environments" are absolutely capable of developing a million of adverse things like cancers, strokes, autoimmune diseases, etc. So, the "biological pathway" exist, the "rocket launchers" are there. Our understanding of inner workings of human body is very imperfect, as demonstrated by the fact that humans still suffer and die from all sorts of diseases. Our monitoring tools are very limited, and our analytical framework is just blunt statistics. The vaccine is, basically, a clever hack into a half-understood system. So, it is certainly up to the owner of the body to decide what to "deploy" into it. And disagreement or misunderstanding, in my opinion, is exactly around the concept "who really owns one's body".
The database analogy is also interesting, in that while the experimental writing code is gone, the database remains modified. In sufficiently complex and poorly understood system how can one guarantee that modified data doesn't cause any unhandled exceptions down the track, especially given the number of vulnerable third-party clients?
Yes, what you wrote mirrors a lot of my thoughts and questions on this. These are the kinds of analogies that I can't help but draw when I hear the communications around covid, and there are never any satisfactory answers.
Pushing webapp code to master certainly won't result in rockets launch, if only because no sane person physically connects launching platform to build server ("no biological pathway"). On the other hand, deploying build artifacts carries much more risk. This risk is usually mitigated by extensive multi-level testing and appropriate live monitoring. In addition, the target environment for software is, at least theoretically, fully tractable. I.e. it can be de-constructed and understood to the very last bit. It is also fully human-made and controllable, without random nuclear reactors hooked up to web server. If such invariants cannot be established, I think it is not ethical for a senior software engineer to approve mandatory wide-scale deployment. Under such conditions the decision must be strictly on the owner of each server.
In case of vaccine we deal with infinite number of reasonably unique "environments" - human bodies. We know that each of these "environments" are absolutely capable of developing a million of adverse things like cancers, strokes, autoimmune diseases, etc. So, the "biological pathway" exist, the "rocket launchers" are there. Our understanding of inner workings of human body is very imperfect, as demonstrated by the fact that humans still suffer and die from all sorts of diseases. Our monitoring tools are very limited, and our analytical framework is just blunt statistics. The vaccine is, basically, a clever hack into a half-understood system. So, it is certainly up to the owner of the body to decide what to "deploy" into it. And disagreement or misunderstanding, in my opinion, is exactly around the concept "who really owns one's body".
The database analogy is also interesting, in that while the experimental writing code is gone, the database remains modified. In sufficiently complex and poorly understood system how can one guarantee that modified data doesn't cause any unhandled exceptions down the track, especially given the number of vulnerable third-party clients?