Re: PATCH: warn about, and deprecate, clear text passwords

On Wed, Mar 19, 2025 at 09:24:19AM -0400, Greg Sabino Mullane wrote:
> I'm a little confused at some of the pushback - this patch is 100% backwards
> compatible, addresses a specific requested concern by allowing a DBA to
> disallow clear text passwords, and adds a warning to what is clearly a bad
> practice that we should be discouraging.
>
> Robert - would you be more inclined to accept this if we kept the three states,
> but made the default "allow"? That would still allow people to bump it stronger
> manually, but would have no effect on everyone else. That would give us time to
> tweak the wording and/or examine other approaches. Although any other
> approaches would still leave the need to do something with passwords via ALTER
> USER / CREATE USER in the interim.

You are getting pushback because this complex user change is still being
debated in mid-March, when the feature freeze is only a few weeks away.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com

Do not let urgent matters crowd out time for investment in the future.