Re: GSSAPI, SSPI - include_realm default - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: GSSAPI, SSPI - include_realm default
Date
Msg-id 20141209224035.GP25679@tamriel.snowman.net
In response to Re: GSSAPI, SSPI - include_realm default  (Magnus Hagander <magnus@hagander.net>)
Responses Re: GSSAPI, SSPI - include_realm default  (Bruce Momjian <bruce@momjian.us>)
Re: GSSAPI, SSPI - include_realm default  (Peter Eisentraut <peter_e@gmx.net>)
List pgsql-hackers
* Magnus Hagander (magnus@hagander.net) wrote:
> On Dec 9, 2014 10:52 PM, "Peter Eisentraut" <peter_e@gmx.net> wrote:
> >
> > On 12/5/14 1:06 PM, Stephen Frost wrote:
> > >> I suggest we also backpatch some documentation suggesting that people
> > >> > manually change the include_realm parameter (perhaps also with a note
> > >> > saying that the default will change in 9.5).
> > > I'll work on a patch for back-branches if everyone is alright with this
> > > patch against master.
> >
> > I don't think backpatching this is necessary or appropriate.
> >
> > First of all, this isn't even released, and it might very well change
> > again later.  The right time to publicly notify about this change is not
> > before when 9.5 is released.
> >
> > Also, it's not like people keep re-reading the old documentation in
> > order to get updated advice.  It might very well be confusing if stable
> > documentation changes because of future events.  Users who are
> > interested in knowing about changes in future releases should read the
> > release notes of those future releases.
> >
> > My comment that include_realm is supported back to 8.4 was because there
> > is an expectation that a pg_hba.conf file can be used unchanged across
> > several major releases.  So when 9.5 comes out and people update their
> > pg_hba.conf files for 9.5, those files will still work in old releases.
> >  But the time to do those updates is then, not now.
> >
>
> I thought the idea was to backpatch documentation saying "it's a good idea
> to change this value to x because of y". Not actually referring to the
> upcoming change directly. And I still think that part is a good idea, as it
> helps people avoid potential security pitfalls.

I agree with this but I don't really see why we wouldn't say "hey, this
is going to change in 9.5."  Peter's argument sounds like he'd rather we
not make any changes to the existing documentation, and I don't agree
with that, and if we're making changes then, imv, we might as well
comment that the default is changed in 9.5.

> So not really a backpatch as such, rather a separate patch for the back
> branches. (and people definitely reread the docs - since they deploy new
> systems on the existing versions...)

Yes, I was going to write a different patch for the back-branches,
apologies if that wasn't clear.  I'll see about drafting something up
soon as there doesn't seem to be any argument about the substance of the
proposed patch for master.
Thanks,
    Stephen
