Just to shed a bit of light:

On Jun 24, 4:28 pm, Will <[EMAIL PROTECTED]> wrote:
> Is that a substitute for a full suite of regression tests? What about
> buffer overflow attacks? There's probably loads of other attacks I
> don't even know about.
> It doesn't even sound as if psycopg gets tested before release.

psycopg gets very well tested before a release. It passes the full suite of DBAPI-2.0 tests and even has some tests to check for common regressions and fixed bugs. The examples provided with the source code are run before each release in addition to the tests to check if complex procedures (like COPYing files) work.

psycopg uses libpq to do all its quoting so, SQL-injection-wise, you're as safe as possible. Much safer than when using a driver that does its own quoting.

Now, about the web site. That machine runs a lot of services and I spent so much time trying to fix things that when we discovered it was Trac we just uninstalled it. We'll replace it in due time and we're considering various options. A nice fork of Trac seems an alternative but we realized a custom tracker for a customer so we're thinking about using it instead.

Anyway, psycopg is not a "commercial" project and it is very stable, so everything that is not adding features or fixing bugs, like a web site, is low-priority. Yes, a bug tracker is useful but given the fact that the stuff works and does 99% of what I'd like it to do makes it useful but not necessary.

But we're a consulting firm, so if you really need it just pay us and we'll install it in a couple of days, ah ah. :)