
264 points davidgomes | 1 comments

elric No.41876822
Lots of dogmatism in this discussion, it seems. A couple of things:

1. Most psql deployments are not exposed to the interwebz, they are typically only accessible to the applications that need them by virtue of network setup (firewalls etc). This limits the attack vector to whatever the application does. Good.

2. Distro vendors (RHEL et al) often stick to a major psql release for the lifecycle of the OS version. If the OS lives longer than the psql major version, they take on the responsibility of backporting critical security issues.

3. While upgrades aren't hard, they're not easy either.

4. Psql is pretty much feature complete for many workloads, and pretty stable in general. For many people, there is little need to chase the latest major version.

xvinci No.41876901
"What the application does" may not be what you think of, as it is dependent on how secure the application or the layers beneath it are. This is how people get everything pwned step by step. The database server may then reveal credentials to other apps etc.
Dylan16807 No.41877188
If the database server has significant "other apps", which it probably doesn't.
xvinci No.41879626
Sure, but then chances are it's hosted on a NAS with other data which you don't want ransomware'd, has access to other parts of the network, etc. - it's easy to underestimate the potential impact.