Re: Request for Code Review: BPGSQL

Lists: pgsql-hackers
From: Rich Jones <miserlou(at)gmail(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Request for Code Review: BPGSQL
Date: 2016-02-11 13:06:10
Message-ID: CADJYzxJ2JZ-G0cs-pL-5Hp8DSBpBo1gu2O4-Yq9g2-R_hZ2A9g@mail.gmail.com

Hello, team!

I am writing on behalf of the BPGSQL Project [1] to request a code audit
from a core PGSQL team member.

The current maintainer is worried about the security of the code, and is
considering closing the project unless it can be properly reviewed [2]. As
a project living downstream [3] of that client library, I'd obviously much
rather see that project get reviewed rather than see it die.

Would anybody here be so kind as to volunteer to give BPGSQL a code review
from an upstream developer's perspective? It would have a lot of value for
downstream users who want to use Postgres on Amazon RDS for serverless
applications, and I'm sure in plenty of other places.

Thanks very much!
Rich Jones

[1] https://github.com/d33tah/bpgsql
[2] https://github.com/d33tah/bpgsql/issues/7
[3] https://github.com/Miserlou/django-zappa/issues/3


From: Jacek Wielemborek <d33tah(at)gmail(dot)com>
To: Rich Jones <miserlou(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Request for Code Review: BPGSQL
Date: 2016-02-11 13:26:41
Message-ID: [email protected]
Lists: pgsql-hackers

On 11.02.2016 at 14:06, Rich Jones wrote:
> Hello, team!
>
> I am writing on behalf of the BPGSQL Project [1] to request a code audit
> from a core PGSQL team member.
>
> The current maintainer is worried about the security of the code, and is
> considering closing the project unless it can be properly reviewed [2]. As
> a project living downstream [3] of that client library, I'd obviously much
> rather see that project get reviewed rather than see it die.
>
> Would anybody here be so kind as to volunteer to give BPGSQL a code review
> from an upstream developer's perspective? It would have a lot of value for
> downstream users who want to use Postgres on Amazon RDS for serverless
> applications, and I'm sure in plenty of other places.
>
> Thanks very much!
> Rich Jones
>
> [1] https://github.com/d33tah/bpgsql
> [2] https://github.com/d33tah/bpgsql/issues/7
> [3] https://github.com/Miserlou/django-zappa/issues/3
>

Hello,

Thanks Rich, I second the request for a code review.

I thought I'd add that this is a 1500-line pure-Python PostgreSQL client
module that I inherited from Barry Pederson. After I realized how
execute() is implemented, I have my worries and I'd rather not risk
making my users vulnerable.

I'd be really grateful if somebody who knows a bit of Python and the
guts of PostgreSQL could speak up on this one.

Cheers,
d33tah


From: Jacek Wielemborek <d33tah(at)gmail(dot)com>
To: Rich Jones <miserlou(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Request for Code Review: BPGSQL
Date: 2016-02-25 16:45:44
Message-ID: [email protected]
Lists: pgsql-hackers

On 11.02.2016 at 14:26, Jacek Wielemborek wrote:
> On 11.02.2016 at 14:06, Rich Jones wrote:
>> Hello, team!
>>
>> I am writing on behalf of the BPGSQL Project [1] to request a code audit
>> from a core PGSQL team member.
>>
>> The current maintainer is worried about the security of the code, and is
>> considering closing the project unless it can be properly reviewed [2]. As
>> a project living downstream [3] of that client library, I'd obviously much
>> rather see that project get reviewed rather than see it die.
>>
>> Would anybody here be so kind as to volunteer to give BPGSQL a code review
>> from an upstream developer's perspective? It would have a lot of value for
>> downstream users who want to use Postgres on Amazon RDS for serverless
>> applications, and I'm sure in plenty of other places.
>>
>> Thanks very much!
>> Rich Jones
>>
>> [1] https://github.com/d33tah/bpgsql
>> [2] https://github.com/d33tah/bpgsql/issues/7
>> [3] https://github.com/Miserlou/django-zappa/issues/3
>>
>
> Hello,
>
> Thanks Rich, I second the request for a code review.
>
> I thought I'd add that this is a 1500-line pure-Python PostgreSQL client
> module that I inherited from Barry Pederson. After I realized how
> execute() is implemented, I have my worries and I'd rather not risk
> making my users vulnerable.
>
> I'd be really grateful if somebody who knows a bit of Python and the
> guts of PostgreSQL could speak up on this one.
>
> Cheers,
> d33tah
>

Hello,

I just unsubscribed from the mailing list so please CC next time you
post a reply to this thread.

Cheers,
d33tah