Peter Eisentraut <peter_e@gmx.net> writes:
> Tom Lane wrote:
>> There are of course some questions about how to document this
>> effectively, so that it doesn't create more confusion than it avoids.
> Yes, that is another thing I'm afraid of.
Yeah, if you look up-thread you'll find me expressing the same concern
several days ago. But this doesn't seem to me to be a reason to reject
the idea outright. Let's ask for a proposed patch that covers all the
needed documentation changes, and see if it seems clear enough or not.
I still think that the presence of -W/--pwfile in initdb's arguments
is a pretty clear cue that TRUST auth isn't what the DBA intends to
use. Yes, there will be exceptions, but there will be far more
cases where the TRUST default is wrong even though no -W was given.
So I think we might as well try to do the "right thing" here. I see
no good argument against it except for the potential-confusion one;
let's see if the proponents can refute that argument by providing
clear documentation.
regards, tom lane