On Saturday 18 January 2003 11:13, Tom Lane wrote:
> Lamar Owen <lamar.owen@wgcr.org> writes:
> > ... Why? If a user doesn't need the features of 7.x.x, and the codebase
> > is working well for him/her, why should said user/DBA feel compelled to
> > go through who knows what mechanations to upgrade to the latest version?
> Because there are unfixable bugs in the older versions. I see very
> little point in issuing "security updates" that fix individual buffer
> overruns, when anyone who has the SQL-level access needed to trigger
> one of those overruns can equally easily do "select cash_out(2)".
> The only fix for that is an upgrade to 7.3.
And the cure might be worse than the disease; that is my point.
> It wastes time that
> could be spent on other work, and it may give DBAs a false sense of
> security. "Sure I'm safe; I just got the latest security patch from
> Red Hat, so my 6.5.3 Postgres must be bulletproof now!"
Red Hat issued a very detailed synopsis of what was fixed. Also, one man's
wasted time is another man's time well spent.
--
Lamar Owen
WGCR Internet Radio
1 Peter 4:11
