←back to thread

Why does everyone run ancient Postgres versions?

(neon.tech)
264 points davidgomes | 1 comments | 17 Oct 24 21:23 UTC | HN request time: 0.202s | source
Show context
elric ◴[18 Oct 24 06:25 UTC] No.41876822[source]
Lots of dogmatism in this discussion, it seems. A couple of things:

1. Most psql deployments are not exposed to the interwebz, they are typically only accessible to the applications that need them by virtue of network setup (firewalls etc). This limits the attack vector to whatever the application does. Good.

2. Distro vendors (RHEL et al) often stick to major psql release for the lifecycle of the OS version. If the OS lives longer than the psql major version, they take on the responsability of backporting critical security issues.

3. While upgrades aren't hard, they're not easy either.

4. Psql is pretty much feature complete for many workloads, and pretty stable in general. For many people, there is little need to chase the latest major version.

replies(7): >>41876901 #>>41877104 #>>41877174 #>>41877411 #>>41877438 #>>41878003 #>>41879089 #
1. mhd ◴[18 Oct 24 08:30 UTC] No.41877411[source]
> 3. While upgrades aren't hard, they're not easy either.

And in my experience, apart from ease of use there's also a major trust issue here. If you're upgrading your app server framework/language, it's easy enough to do a rollback. With databases, people are worried that they might not notice errors right away and then you have to merge the data accumulated since the upgrade with the last backup in case of a rollback.

Not saying that this is entirely rational...

Also, new features on the SQL level are hard to sell if all you're doing is lowest common denominator ORM ("New window functions and faster lateral joins? But we're doing all that in our code!").