Request for Code Review: BPGSQL
Hello, team!
I am writing on behalf of the BPGSQL Project [1]https://github.com/d33tah/bpgsql to request a code audit
from a core PGSQL team member.
The current maintainer is worried about the security of the code, and is
considering closing the project unless it can be properly reviewed [2]https://github.com/d33tah/bpgsql/issues/7. As
a project living downstream[3]https://github.com/Miserlou/django-zappa/issues/3 of that client library, I'd obviously much
rather see that project get reviewed rather than see it die.
Would anybody here be so kind as to volunteer to give BPGSQL a code review
from an upstream developer's perspective? It would have a lot of value
downstream users who want to use Postgres on Amazon RDS for serverless
applications, and I'm sure in plenty of other places.
Thanks very much!,
Rich Jones
[1]: https://github.com/d33tah/bpgsql
[2]: https://github.com/d33tah/bpgsql/issues/7
[3]: https://github.com/Miserlou/django-zappa/issues/3
W dniu 11.02.2016 o 14:06, Rich Jones pisze:
Hello, team!
I am writing on behalf of the BPGSQL Project [1] to request a code audit
from a core PGSQL team member.The current maintainer is worried about the security of the code, and is
considering closing the project unless it can be properly reviewed [2]. As
a project living downstream[3] of that client library, I'd obviously much
rather see that project get reviewed rather than see it die.Would anybody here be so kind as to volunteer to give BPGSQL a code review
from an upstream developer's perspective? It would have a lot of value
downstream users who want to use Postgres on Amazon RDS for serverless
applications, and I'm sure in plenty of other places.Thanks very much!,
Rich Jones[1] https://github.com/d33tah/bpgsql
[2] https://github.com/d33tah/bpgsql/issues/7
[3] https://github.com/Miserlou/django-zappa/issues/3
Hello,
Thanks Rich, I second the request for a code review.
I felt I'd add that this is a 1500-line pure-Python PostgreSQL client
module that I inherited after Barry Pederson. After I realized how
execute() is implemented, I have my worries and I'd rather not risk
making my users vulnerable.
I'd be really grateful if somebody who knows a bit of Python and the
guts of PostgreSQL could speak up on this one.
Cheers,
d33tah
W dniu 11.02.2016 o 14:26, Jacek Wielemborek pisze:
W dniu 11.02.2016 o 14:06, Rich Jones pisze:
Hello, team!
I am writing on behalf of the BPGSQL Project [1] to request a code audit
from a core PGSQL team member.The current maintainer is worried about the security of the code, and is
considering closing the project unless it can be properly reviewed [2]. As
a project living downstream[3] of that client library, I'd obviously much
rather see that project get reviewed rather than see it die.Would anybody here be so kind as to volunteer to give BPGSQL a code review
from an upstream developer's perspective? It would have a lot of value
downstream users who want to use Postgres on Amazon RDS for serverless
applications, and I'm sure in plenty of other places.Thanks very much!,
Rich Jones[1] https://github.com/d33tah/bpgsql
[2] https://github.com/d33tah/bpgsql/issues/7
[3] https://github.com/Miserlou/django-zappa/issues/3Hello,
Thanks Rich, I second the request for a code review.
I felt I'd add that this is a 1500-line pure-Python PostgreSQL client
module that I inherited after Barry Pederson. After I realized how
execute() is implemented, I have my worries and I'd rather not risk
making my users vulnerable.I'd be really grateful if somebody who knows a bit of Python and the
guts of PostgreSQL could speak up on this one.Cheers,
d33tah
Hello,
I just unsubscribed from the mailing list so please CC next time you
post a reply to this thread.
Cheers,
d33tah