From: | Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Justin Clift <justin(at)postgresql(dot)org>, PostgreSQL Hackers Mailing List <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Can we revisit the thought of PostgreSQL 7.2.4? |
Date: | 2003-01-19 02:40:34 |
Message-ID: | 200301182140.34976.lamar.owen@wgcr.org |
Lists: | pgsql-hackers |

On Saturday 18 January 2003 11:13, Tom Lane wrote:
> Lamar Owen <lamar(dot)owen(at)wgcr(dot)org> writes:
> > ... Why? If a user doesn't need the features of 7.x.x, and the codebase
> > is working well for him/her, why should said user/DBA feel compelled to
> > go through who knows what machinations to upgrade to the latest version?

> Because there are unfixable bugs in the older versions. I see very
> little point in issuing "security updates" that fix individual buffer
> overruns, when anyone who has the SQL-level access needed to trigger
> one of those overruns can equally easily do "select cash_out(2)".
> The only fix for that is an upgrade to 7.3.

And the cure might be worse than the disease; that is my point.

> It wastes time that
> could be spent on other work, and it may give DBAs a false sense of
> security. "Sure I'm safe; I just got the latest security patch from
> Red Hat, so my 6.5.3 Postgres must be bulletproof now!"

Red Hat issued a very detailed synopsis of what was fixed. Also, one man's
wasted time is another man's time well spent.
--
Lamar Owen
WGCR Internet Radio
1 Peter 4:11