On Thu, Oct 10, 2024 at 02:11:53AM +0300, Heikki Linnakangas wrote:
> My feeling is that it would be less confusing to users to just disallow md5
> passwords in one release. I'm not sure these intermediate steps are really
> doing anyone any favors.

As I'm reading the various responses in this thread, I do find myself leaning in this direction. My intent with the incremental approach was to provide gentle reminders to migrate for a few years before removing support completely, but I suppose there will always be a subset of users that will wait until we actually follow through.

If we went this route, we could still do step 1 (add deprecation notices), but there would just be one more step along the lines of "after X years, remove all support." (Or maybe we would remove server support after X years and then remove libpq support after Y more years.)

In general, it seems like folks are generally onboard with removing MD5 password support. For v18, the only thing I'm hoping to accomplish is to get the deprecation notices added, so I will start writing a patch for that. Perhaps we should also consider adding WARNINGs whenever folks use MD5 passwords in any fashion (with a corresponding GUC to turn those off).

-- 
nathan