Did this project just die? about bpgsql HOT 16 OPEN

@Miserlou:

Well I cannot promise I'll be maintaining it any time soon and I wasn't confident in its security, so I was torn between killing it or just saying with big letters in the README that this is experimental and you should put extra care when using it, ideally staying away from it on production. My worries are mostly about the way that query parameters are passed - I hadn't looked into PostgreSQL protocol implementation, but it's weird to me that escaping is done on the Python end instead of passing the placeholder values separately. An opinion from a core PostgreSQL developer would make me trust this code a bit more.

Though on the other hand I can already see three people interested in it (you and two PR authors), so perhaps there might be more options if there's interest. Let me know what you think about it, perhaps we could look for other solutions.

from bpgsql.

Ping @stevepeak and @seanjensengrey. I'd like to hear your opinion as well.

from bpgsql.

Ahhhhh, I see!

Well, we have a sudden need for a pure Python Django-PGSQL adapter because of this: Miserlou/django-zappa#3 - so I would very much like to see this project succeed.

I bet a core PostgresSQL developer could be roped into doing an audit of this code if you asked nicely? Most times developers love seeing downstream support of their projects. (I personally err on the side of something-is-better-than-nothing, nothing is ever 100% secure, and that more eyes make all bugs look shallow.)

Have you reached out to the PG core team yet?

from bpgsql.

Have you reached out to the PG core team yet?

I hadn't. Could you?

from bpgsql.

Okay, I have sent a message to the PG-Hackers list asking for help. Hopefully somebody will step up.

from bpgsql.

👍 Awesome, thank you @Miserlou :) That's really appreciated.

from bpgsql.

No problem at all, thanks for your work on bpgsql! Hope we can use it in Zappa.

from bpgsql.

It actually looks like the original author is now alive and active on GitHub.. perhaps he would be interested in this discussion as well? Or would that be rude..

from bpgsql.

Nah, I guess it's okay to call him here. @barryp

from bpgsql.

I'm around, but not really doing anything with this project. It meet some needs I had back in the day, but I've moved on to other stuff. It uses an older version of the pgsql protocol - a complete rewrite is probably in order.

from bpgsql.

@Miserlou: based on the traffic of the mailing list, I would guess it's quite unlikely we would get any responses. Any more ideas where we could get the review?

from bpgsql.

Hm. Not sure what to do now, that wasn't the reaction I was hoping for.

Maybe we could try a subreddit or HN?

from bpgsql.

@Miserlou: good ideas! Would you do that?

from bpgsql.

@d33tah @Miserlou Radioing in. I have a couple flights in the near term. I'll read the code on the plane. My interest was having a pgsql driver for alt VMs like PyPy and Jython w/o having to shim out lib on each platform.

from bpgsql.

Excellent! Thanks Sean!

On Mon, Feb 15, 2016 at 2:28 PM, Sean Jensen-Grey [email protected]
wrote:

@d33tah https://github.com/d33tah @Miserlou
https://github.com/Miserlou Radioing in. I have a couple flights in the
near term. I'll read the code on the plane. My interest was having a pgsql
driver for alt VMs like PyPy and Jython w/o having to shim out lib on each
platform.

—
Reply to this email directly or view it on GitHub
#7 (comment).

from bpgsql.

@seanjensengrey: ping.

from bpgsql.