Dave,
There is no attack of any kind in that post. I am sympathizing with Avin. While I agree that there are use cases where a master password feature makes sense, I disagree that it is the majority of cases, or even applicable to the majority of users. Therefore I believe that it is implemented poorly. If history is any guide there will be plenty more users stumbling across this list frustrated and just wanting to know how to 'get rid of' or simply 'turn it off'.
So where I wrote sympathy and solutions, you choose to see attacks. I think that says more about you than about myself.
If the pgAdmin developers want
nothing but praise and the occasional sterile bug report they should probably stop reading, or shut down this list. After all, a link to the
redmine bug report page would suffice for the latter.
Whether writing commercial or open source software, paid or volunteer, some people are not going to agree with your choices or decisions (just as Linus). As long as we are criticizing the software and not the people writing it, the software and all of us, end up better for it.
I hope you take the time to think about what I've written,
rik.
Richard,
Avin,
I agree, the master password nonsense was poorly implemented. I too wish the developers would rethink it. Until then there is a way to disable it by setting an option in a config file. I can provide more details if you would like (or you could look for other more expansive posts by myself on this topic in the list archives).
You've made your feelings known many times now, and we're all well aware of them - just as you are aware that there are legitimate security concerns that caused it to be implemented (that were raised by end users), ones that arguably warrant a medium level CVSS vulnerability score (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N), and other concerns such as allowing a network administrator to enforce security policy that led to the design.
Please refrain from any further remarks that disparage the work of people who - in many cases, voluntarily - spend hundreds or thousands of hours of their time developing software that you get to use freely. Constructive feedback and better yet ideas or code are welcome always, but repeated negativity that is borderline ad hominem is not.
--
