On Saturday 18 January 2003 11:13, Tom Lane wrote:
> Lamar Owen <[EMAIL PROTECTED]> writes:
> > ... Why?  If a user doesn't need the features of 7.x.x, and the codebase
> > is working well for him/her, why should said user/DBA feel compelled to
> > go through who knows what mechanations to upgrade to the latest version?

> Because there are unfixable bugs in the older versions.  I see very
> little point in issuing "security updates" that fix individual buffer
> overruns, when anyone who has the SQL-level access needed to trigger
> one of those overruns can equally easily do "select cash_out(2)".
> The only fix for that is an upgrade to 7.3.

And the cure might be worse than the disease; that is my point.

> It wastes time that
> could be spent on other work, and it may give DBAs a false sense of
> security.  "Sure I'm safe; I just got the latest security patch from
> Red Hat, so my 6.5.3 Postgres must be bulletproof now!"

Red Hat issued a very detailed synopsis of what was fixed.  Also, one man's 
wasted time is another man's time well spent.
Lamar Owen
WGCR Internet Radio
1 Peter 4:11

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to [EMAIL PROTECTED] so that your
message can get through to the mailing list cleanly

Reply via email to