Discussion: Request for Code Review: BPGSQL
Hello, team!
I am writing on behalf of the BPGSQL Project [1] to request a code audit from a core PGSQL team member.

The current maintainer is worried about the security of the code, and is considering closing the project unless it can be properly reviewed [2]. As a project living downstream [3] of that client library, I'd obviously much rather see that project get reviewed rather than see it die.

Would anybody here be so kind as to volunteer to give BPGSQL a code review from an upstream developer's perspective? It would have a lot of value to downstream users who want to use Postgres on Amazon RDS for serverless applications, and I'm sure in plenty of other places.

Thanks very much!
Rich Jones

[1] https://github.com/d33tah/bpgsql
[2] https://github.com/d33tah/bpgsql/issues/7
[3] https://github.com/Miserlou/django-zappa/issues/3
On 11.02.2016 at 14:06, Rich Jones wrote:
> Hello, team!
>
> I am writing on behalf of the BPGSQL Project [1] to request a code audit
> from a core PGSQL team member.
>
> The current maintainer is worried about the security of the code, and is
> considering closing the project unless it can be properly reviewed [2]. As
> a project living downstream [3] of that client library, I'd obviously much
> rather see that project get reviewed rather than see it die.
>
> Would anybody here be so kind as to volunteer to give BPGSQL a code review
> from an upstream developer's perspective? It would have a lot of value to
> downstream users who want to use Postgres on Amazon RDS for serverless
> applications, and I'm sure in plenty of other places.
>
> Thanks very much!
> Rich Jones
>
> [1] https://github.com/d33tah/bpgsql
> [2] https://github.com/d33tah/bpgsql/issues/7
> [3] https://github.com/Miserlou/django-zappa/issues/3

Hello,

Thanks Rich, I second the request for a code review.

I felt I'd add that this is a 1500-line pure-Python PostgreSQL client module that I inherited after Barry Pederson. After I realized how execute() is implemented, I have my worries and I'd rather not risk making my users vulnerable.

I'd be really grateful if somebody who knows a bit of Python and the guts of PostgreSQL could speak up on this one.

Cheers,
d33tah
On 11.02.2016 at 14:26, Jacek Wielemborek wrote:
> On 11.02.2016 at 14:06, Rich Jones wrote:
>> Hello, team!
>>
>> I am writing on behalf of the BPGSQL Project [1] to request a code audit
>> from a core PGSQL team member.
>>
>> The current maintainer is worried about the security of the code, and is
>> considering closing the project unless it can be properly reviewed [2]. As
>> a project living downstream [3] of that client library, I'd obviously much
>> rather see that project get reviewed rather than see it die.
>>
>> Would anybody here be so kind as to volunteer to give BPGSQL a code review
>> from an upstream developer's perspective? It would have a lot of value to
>> downstream users who want to use Postgres on Amazon RDS for serverless
>> applications, and I'm sure in plenty of other places.
>>
>> Thanks very much!
>> Rich Jones
>>
>> [1] https://github.com/d33tah/bpgsql
>> [2] https://github.com/d33tah/bpgsql/issues/7
>> [3] https://github.com/Miserlou/django-zappa/issues/3
>>
>
> Hello,
>
> Thanks Rich, I second the request for a code review.
>
> I felt I'd add that this is a 1500-line pure-Python PostgreSQL client
> module that I inherited after Barry Pederson. After I realized how
> execute() is implemented, I have my worries and I'd rather not risk
> making my users vulnerable.
>
> I'd be really grateful if somebody who knows a bit of Python and the
> guts of PostgreSQL could speak up on this one.
>
> Cheers,
> d33tah

Hello,

I just unsubscribed from the mailing list, so please CC me next time you post a reply to this thread.

Cheers,
d33tah