Did this project just die? #7
Comments
Well I cannot promise I'll be maintaining it any time soon and I wasn't confident in its security, so I was torn between killing it or just saying with big letters in the README that this is experimental and you should put extra care when using it, ideally staying away from it on production. My worries are mostly about the way that query parameters are passed - I hadn't looked into PostgreSQL protocol implementation, but it's weird to me that escaping is done on the Python end instead of passing the placeholder values separately. An opinion from a core PostgreSQL developer would make me trust this code a bit more. Though on the other hand I can already see three people interested in it (you and two PR authors), so perhaps there might be more options if there's interest. Let me know what you think about it, perhaps we could look for other solutions.
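The distinction raised in the comment above, shown at the wire level as an added example (not bpgsql's code and not written by anyone in this thread): a PostgreSQL protocol 3.0 simple `Query` message carries escaped values inside the SQL text, while the extended-query `Parse`/`Bind` pair sends them length-prefixed and out of band. `naive_quote`, the table name and the sample value are constructed for illustration.

```python
import struct

def cstr(s: str) -> bytes:
    """NUL-terminated string as used in PostgreSQL protocol messages."""
    return s.encode("utf-8") + b"\x00"

def message(tag: bytes, body: bytes) -> bytes:
    """Frame a v3 message: 1-byte tag, Int32 length (counts itself), body."""
    return tag + struct.pack("!I", len(body) + 4) + body

def naive_quote(value: str) -> str:
    """Hypothetical client-side escaping: double embedded single quotes."""
    return "'" + value.replace("'", "''") + "'"

def simple_query(template: str, params: list) -> bytes:
    """'Q' message: values are escaped and spliced into the SQL text itself."""
    sql = template % tuple(naive_quote(p) for p in params)
    return message(b"Q", cstr(sql))

def parse_msg(sql: str) -> bytes:
    """'P' message: SQL with $n placeholders, unnamed statement, no type OIDs."""
    return message(b"P", cstr("") + cstr(sql) + struct.pack("!H", 0))

def bind_msg(params: list) -> bytes:
    """'B' message: each value travels length-prefixed, outside the SQL text."""
    body = cstr("") + cstr("")              # unnamed portal, unnamed statement
    body += struct.pack("!H", 0)            # no format codes: all text
    body += struct.pack("!H", len(params))  # parameter count
    for p in params:
        if p is None:
            body += struct.pack("!i", -1)   # length -1 encodes SQL NULL
        else:
            raw = p.encode("utf-8")
            body += struct.pack("!i", len(raw)) + raw
    body += struct.pack("!H", 0)            # result columns: all text
    return message(b"B", body)

SAMPLE = "O'Reilly"  # constructed input containing a quote character

def demo():
    """Return the inlined Query message and the Parse/Bind pair for SAMPLE."""
    inline = simple_query("SELECT * FROM users WHERE name = %s", [SAMPLE])
    parse = parse_msg("SELECT * FROM users WHERE name = $1")
    return inline, parse, bind_msg([SAMPLE])

if __name__ == "__main__":
    for msg in demo():
        print(msg)
```

In the first form the server's SQL parser sees the value, so correctness depends entirely on the client's quoting rules; in the second the value never passes through the SQL parser.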
Ping @stevepeak and @seanjensengrey. I'd like to hear your opinion as well.
Ahhhhh, I see! Well, we have a sudden need for a pure Python Django-PGSQL adapter because of this: Miserlou/django-zappa#3 - so I would very much like to see this project succeed. I bet a core PostgreSQL developer could be roped into doing an audit of this code if you asked nicely? Most times developers love seeing downstream support of their projects. (I personally err on the side of something-is-better-than-nothing, nothing is ever 100% secure, and that more eyes make all bugs look shallow.) Have you reached out to the PG core team yet?
I hadn't. Could you?
Okay, I have sent a message to the PG-Hackers list asking for help. Hopefully somebody will step up.
👍 Awesome, thank you @Miserlou :) That's really appreciated.
No problem at all, thanks for your work on bpgsql! Hope we can use it in Zappa.
It actually looks like the original author is now alive and active on GitHub.. perhaps he would be interested in this discussion as well? Or would that be rude..
Nah, I guess it's okay to call him here. @barryp
I'm around, but not really doing anything with this project. It met some needs I had back in the day, but I've moved on to other stuff. It uses an older version of the pgsql protocol - a complete rewrite is probably in order.
@Miserlou: based on the traffic of the mailing list, I would guess it's quite unlikely we would get any responses. Any more ideas where we could get the review?
Hm. Not sure what to do now, that wasn't the reaction I was hoping for. Maybe we could try a subreddit or HN?
@Miserlou: good ideas! Would you do that?
Excellent! Thanks Sean! On Mon, Feb 15, 2016 at 2:28 PM, Sean Jensen-Grey notifications@github.com
@seanjensengrey: ping.
Just saw your most recent commit.
Is this project now dead? Are there any working pure-Python PGSQL Django backends out there?