On Jan 29, 2008, at 2:36 PM, Andrew Sullivan wrote:
> On Tue, Jan 29, 2008 at 01:56:35PM -0500, A.M. wrote:
>> The postgresql from eight years ago is also quite rusty.
>
> No, it's not, which is my point. If you don't need any of the
> features you
> mention, and are aware of the limitations, there's nothing wrong with
> using it. The v2 protocol works, for instance, and for some
> applications
> there's nothing wrong with it.
>
> I wouldn't start a large project using Pg.pm right now, for sure,
> but I
> think dismissing code you don't use on the basis that it's old is just
> silly. The reason we say "upgrade your postgresql" is not because
> it's old,
> but because there are _known_ bugs in it, and those bugs eat data.
>
...and Pg.pm includes a serious security hole in the form of non-
existent query escaping which will never be fixed. Are we really
discussing the semantics of "rust"?
-M
