Re: change password_encryption default to scram-sha-256? - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: change password_encryption default to scram-sha-256?
Date
Msg-id 20190412232610.p3g5qy5ckp3equta@momjian.us
In response to Re: change password_encryption default to scram-sha-256?  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
On Mon, Apr  8, 2019 at 10:08:07AM -0400, Tom Lane wrote:
> "Jonathan S. Katz" <jkatz@postgresql.org> writes:
> > On 4/8/19 8:49 AM, Magnus Hagander wrote:
> >> I think the real question is, is it OK to give them basically 5 months
> >> warning, by right now saying if you don't have a release out in 6
> >> months, things will break.
> 
> > Given the supported libraries all have open pull requests or issues, it
> > should be fairly easy to inquire if they would be able to support it for
> > PG12 vs PG13. If this sounds like a reasonable plan, I'm happy to reach
> > out and see.
> 
> I think that the right course here is to notify these developers that
> we will change the default in PG13, and it'd be good if they put out
> stable releases with SCRAM support well before that.  This discussion
> seems to be talking as though it's okay if we allow zero daylight
> between availability of fixed drivers and release of a PG version that
> defaults to using SCRAM.  That'd be totally unfair to packagers and
> users.  There needs to be a pretty fair-size window for those fixed
> drivers to propagate into the wild.  A year is not too much; IMO it's
> barely enough.

It would be nice to address channel binding as part of this.

-- 
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +
