Why is psycopg2-binary not recommended in production use?

[jensens]

At https://github.com/zodb/relstorage/blob/master/docs/install.rst there is written:
"In the case of psycopg2, that binary package (which is not recommended for production use) can be installed with the name psycopg2-binary."

Why?

[jamadden]

Because that's what the psycopg2 developers themselves say. They have a section on the website about it; I don't remember the details but IIRC it's something to do about either ABI issues or protocol issues.

[jamadden]

https://www.psycopg.org/docs/install.html#psycopg-vs-psycopg-binary

If you are the maintainer of a published package depending on psycopg2 you shouldn’t use psycopg2-binary as a module dependency. For production use you are advised to use the source distribution.

The binary packages come with their own versions of a few C libraries, among which libpq and libssl, which will be used regardless of other libraries available on the client: upgrading the system libraries will not upgrade the libraries used by psycopg2. Please build psycopg2 from source if you want to maintain binary upgradeability.

Warning The psycopg2 wheel package comes packaged, among the others, with its own libssl binary. This may create conflicts with other extension modules binding with libssl as well, for instance with the Python ssl module: in some cases, under concurrency, the interaction between the two libraries may result in a segfault. In case of doubts you are advised to use a package built from source.

[jensens]

Thanks a lot!