On Saturday 18 January 2003 11:13, Tom Lane wrote: > Lamar Owen <[EMAIL PROTECTED]> writes: > > ... Why? If a user doesn't need the features of 7.x.x, and the codebase > > is working well for him/her, why should said user/DBA feel compelled to > > go through who knows what mechanations to upgrade to the latest version?
> Because there are unfixable bugs in the older versions. I see very > little point in issuing "security updates" that fix individual buffer > overruns, when anyone who has the SQL-level access needed to trigger > one of those overruns can equally easily do "select cash_out(2)". > The only fix for that is an upgrade to 7.3. And the cure might be worse than the disease; that is my point. > It wastes time that > could be spent on other work, and it may give DBAs a false sense of > security. "Sure I'm safe; I just got the latest security patch from > Red Hat, so my 6.5.3 Postgres must be bulletproof now!" Red Hat issued a very detailed synopsis of what was fixed. Also, one man's wasted time is another man's time well spent. -- Lamar Owen WGCR Internet Radio 1 Peter 4:11 ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly