
264 points davidgomes | 1 comments
justin_oaks ◴[] No.41875268[source]
My upgrade policy for everything:

Significant security vulnerability? Upgrade

Feature you need? Upgrade

All other reasons: Don't upgrade.

Upgrading takes effort and it is risky. The benefits must be worth the risks.

natmaka ◴[] No.41875370[source]
Suggestion: add "End of life (no more maintenance for this version)? Upgrade"
Gormo ◴[] No.41876193[source]
Why? If the implemented featureset meets your needs, and there are no unresolved bugs or security vulnerabilities relevant to your use cases, what further "maintenance" do you need?
1. FearNotDaniel ◴[] No.41876460[source]
Because when the maintainers have stopped patching that version against all known security vulnerabilities, that doesn't stop the bad guys from looking for more vulnerabilities. When they find one, it will get exploited. So you either wake up to an email from Have I Been Pwned to say all your customer data has been exfiltrated [0], or (if you're lucky) you have a mad scramble to do that update before they get you.

[0] Probably including those passwords you didn't hash, and those credit card numbers you shouldn't be storing in the first place because, what the heck, it meets your needs.