On 11.02.2016 at 14:26, Jacek Wielemborek wrote:
> On 11.02.2016 at 14:06, Rich Jones wrote:
>> Hello, team!
>> I am writing on behalf of the BPGSQL Project [1] to request a code audit
>> from a core PGSQL team member.
>> The current maintainer is worried about the security of the code, and is
>> considering closing the project unless it can be properly reviewed [2]. As
>> a project living downstream[3] of that client library, I'd obviously much
>> rather see that project get reviewed rather than see it die.
>> Would anybody here be so kind as to volunteer to give BPGSQL a code review
>> from an upstream developer's perspective? It would have a lot of value to
>> downstream users who want to use Postgres on Amazon RDS for serverless
>> applications, and I'm sure in plenty of other places.
>> Thanks very much!
>> Rich Jones
>> [1] https://github.com/d33tah/bpgsql
>> [2] https://github.com/d33tah/bpgsql/issues/7
>> [3] https://github.com/Miserlou/django-zappa/issues/3
> Hello,
> Thanks Rich, I second the request for a code review.
> I felt I'd add that this is a 1500-line pure-Python PostgreSQL client
> module that I inherited after Barry Pederson. After I realized how
> execute() is implemented, I have my worries and I'd rather not risk
> making my users vulnerable.
> I'd be really grateful if somebody who knows a bit of Python and the
> guts of PostgreSQL could speak up on this one.
> Cheers,
> d33tah


I just unsubscribed from the mailing list so please CC next time you
post a reply to this thread.

