Did this project just die?

[Miserlou]

Just saw your most recent commit.

Is this project now dead? Are there any working pure-Python PGSQL Django backends out there?

[d33tah]

@Miserlou:

Well I cannot promise I'll be maintaining it any time soon and I wasn't confident in its security, so I was torn between killing it or just saying with big letters in the README that this is experimental and you should put extra care when using it, ideally staying away from it on production. My worries are mostly about the way that query parameters are passed - I hadn't looked into PostgreSQL protocol implementation, but it's weird to me that escaping is done on the Python end instead of passing the placeholder values separately. An opinion from a core PostgreSQL developer would make me trust this code a bit more.

Though on the other hand I can already see three people interested in it (you and two PR authors), so perhaps there might be more options if there's interest. Let me know what you think about it, perhaps we could look for other solutions.

[d33tah]

Ping @stevepeak and @seanjensengrey. I'd like to hear your opinion as well.

[Miserlou]

Ahhhhh, I see!

Well, we have a sudden need for a pure Python Django-PGSQL adapter because of this: Miserlou/django-zappa#3 - so I would very much like to see this project succeed.

I bet a core PostgresSQL developer could be roped into doing an audit of this code if you asked nicely? Most times developers love seeing downstream support of their projects. (I personally err on the side of something-is-better-than-nothing, nothing is ever 100% secure, and that more eyes make all bugs look shallow.)

Have you reached out to the PG core team yet?

[d33tah]

Have you reached out to the PG core team yet?

I hadn't. Could you?

[Miserlou]

Okay, I have sent a message to the PG-Hackers list asking for help. Hopefully somebody will step up.

[d33tah]

👍 Awesome, thank you @Miserlou :) That's really appreciated.

[Miserlou]

No problem at all, thanks for your work on bpgsql! Hope we can use it in Zappa.

[Miserlou]

It actually looks like the original author is now alive and active on GitHub.. perhaps he would be interested in this discussion as well? Or would that be rude..

[d33tah]

Nah, I guess it's okay to call him here. @barryp

[barryp]

I'm around, but not really doing anything with this project. It meet some needs I had back in the day, but I've moved on to other stuff. It uses an older version of the pgsql protocol - a complete rewrite is probably in order.

[d33tah]

@Miserlou: based on the traffic of the mailing list, I would guess it's quite unlikely we would get any responses. Any more ideas where we could get the review?

[Miserlou]

Hm. Not sure what to do now, that wasn't the reaction I was hoping for.

Maybe we could try a subreddit or HN?

[d33tah]

@Miserlou: good ideas! Would you do that?

[seanjensengrey]

@d33tah @Miserlou Radioing in. I have a couple flights in the near term. I'll read the code on the plane. My interest was having a pgsql driver for alt VMs like PyPy and Jython w/o having to shim out lib on each platform.

[Miserlou]

Excellent! Thanks Sean!

On Mon, Feb 15, 2016 at 2:28 PM, Sean Jensen-Grey notifications@github.com
wrote:

@d33tah https://github.com/d33tah @Miserlou
https://github.com/Miserlou Radioing in. I have a couple flights in the
near term. I'll read the code on the plane. My interest was having a pgsql
driver for alt VMs like PyPy and Jython w/o having to shim out lib on each
platform.

—
Reply to this email directly or view it on GitHub
#7 (comment).

[d33tah]

@seanjensengrey: ping.