On Sat, Mar 20, 2010 at 11:44 AM, Herouth Maoz <herouth@xxxxxxxxxxxxx> wrote:
The server version is 8.3.1. Migration to a higher version might be
difficult as far as policies go, if there isn't a supported debian package
for it, but if you can point out a version where this has been fixed I might
be able to persuade my boss and sysadmin.
Most of the time it is more dangerous to NOT update PostgreSQL to the
latest minor point version than to stay on an older minor point
version. The occasions when a minor point upgrade come out that is
dangerous are rare, and the next minor point version to fix it shows
up the next day while the broken one is pulled. I think that's
happened 1 or 2 times during the time I've been using postgresql. So,
if it's 48 hours old and no alarm bells have gone off that it's being
pulled and replaced, a pg update is the right thing to do. Backup
beforehand, etc.
The danger of a change making your application stop are very low,
while the danger of leaving some unpatched bit of nastiness in the
backend is much greater a possible problem. I.e. data loss /
corruption, things like that. And something as mature as 8.3 is now
shouldn't be running in production missing two years of patches.
Start with the release notes for 8.3.2 and move forward and see if
anything there looks like a problem for your app. Behaviour changing
changes rarely get into production releases, they get saved for the
next major version. If they do they are well noted in the release
notes.
The problem is not so much danger in upgrading, but the fact that doing
so without using the system's usual security/bugfix update path means
non-standard work for the sysadmin, meaning he has to upgrade every
package on the system using a different upgrade method, being notified
about it from a different source, and needing to check each one in
different conditions, which makes his work impossible. So the policy so
far has been "Use the packages available through debian". So I'll need
to check if there is an upgrade available through that path - and the
question is whether it's worthwhile (i.e. whether the bug in question
has indeed been fixed).