On Mon, 8 Apr 2019 at 15:18, Jonathan S. Katz <jk...@postgresql.org> wrote:
> On 4/8/19 2:28 PM, Tom Lane wrote: > > Andres Freund <and...@anarazel.de> writes: > >> On 2019-04-08 13:34:12 -0400, Alvaro Herrera wrote: > >>> I'm not sure I understand all this talk about deferring changing the > >>> default to pg13. AFAICS only a few fringe drivers are missing support; > >>> not changing in pg12 means we're going to leave *all* users, even those > >>> whose clients have support, without the additional security for 18 more > >>> months. > > > >> Imo making such changes after feature freeze is somewhat poor > >> form. > > > > Yeah. > > Yeah, that's fair. > > > > >> If jdbc didn't support scram, it'd be an absolutely clear no-go imo. A > >> pretty large fraction of users use jdbc to access postgres. But it seems > >> to me that support has been merged for a while: > >> https://github.com/pgjdbc/pgjdbc/pull/1014 > > > > "Merged to upstream" is a whole lot different from "readily available in > > the field". What's the actual status in common Linux distros, for > > example? > > Did some limited research just to get a sense. > > Well, if it's RHEL7, it's PostgreSQL 9.2 so, unless they're using our > RPM, that definitely does not have it :) > > (While researching this, I noticed on the main RHEL8 beta page[1] that > PostgreSQL is actually featured, which is kind of neat. I could not > quickly find which version of the JDBC driver it is shipping with, though) > > On Ubuntu, 18.04 LTS ships PG10, but the version of JDBC does not > include SCRAM support. 18.10 ships JDBC w/SCRAM support. > > On Debian, stretch is on 9.4. buster has 11 packaged, and JDBC is > shipping with SCRAM support. > > Honestly what JDBC driver XYZ distro ships with is a red herring. Any reasonably complex java program is going to use maven and pull it's dependencies. That said from a driver developer, I support pushing this decision off to PG13 Dave Cramer da...@postgresintl.com www.postgresintl.com > >
