Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost <sfr...@snowman.net> writes: > > * Magnus Hagander (mag...@hagander.net) wrote: > >> On Fri, May 22, 2020 at 4:13 PM Tom Lane <t...@sss.pgh.pa.us> wrote: > >>> Peter Eisentraut <peter.eisentr...@2ndquadrant.com> writes: > >>>> We didn't get anywhere with making the default authentication method in > >>>> a source build anything other than trust. > > > I'm +1 on moving the default for password_encryption to be > > scram. Even better would be changing the pg_hba.conf default, but I > > think we still have concerns about that having problems with the > > regression tests and the buildfarm. > > As far as that last goes, we *did* get the buildfarm fixed to be all > v11 scripts, so I thought we were ready to move forward on trying > 09f08930f again. It's too late to consider that for v13, but > perhaps it'd be reasonable to change the SCRAM default now? Not sure.
I feel like it is. I'm not even sure that I agree that it's really too late to consider 09f08930f considering that's it's a pretty minor code change and the up-side to that is having reasonable defaults out of the box, as it were, something we have *long* been derided for. > Post-beta1 isn't the best time for such things. It'd be good to be consistent about this between the packagers and the source builds, imv, and we don't tend to think about that until we have packages being built and distributed and used and that ends up being post-beta1. If we want that changed then we should go back to having alphas.. In general though, I'm reasonably comfortable with changing of default values post beta1. I do appreciate that not everyone would agree with that, but with all the effort that's put into getting everything working with SCRAM, it'd be a real shame to keep md5 as the default for yet another year and a half.. Thanks, Stephen
signature.asc
Description: PGP signature
