Re: Can we stop defaulting to 'md5'?

On 2020-05-29 11:14, Christoph Berg wrote:
> Re: Peter Eisentraut
>>>> You get that if you set the authentication method to "md5". (Clearly not a
>>>> very clear name, but it exists.)
>>>
>>> Thanks, I'll probably do that.
>>>
>>> Do we want that for PG13+, or even for 10+?
>>
>> Isn't that already the default for Debian packages?
>
> I meant setting password_encryption to scram.

That depends on what you consider your backward compatibility commitment
to be.

The consensus on pgsql-hackers appears to be to make that change in PG14
upstream, under the theory that by the time PG14 is released, PG9.6 (the
last non-SCRAM release) will be (almost) EOL. So anyone using
from-source builds under strict observation of EOL dates would not have
compatibility problems when using their old libpq to connect to a newer
server.

AFAICT, in Debian you still have 9.6 in stretch until either 2020 or LTS
until 2022, and in Ubuntu 16.04 you still have 9.5 until 2021. So,
well, any choice you end up making can be defended.

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services