On 18.01.21 07:18, Michael Paquier wrote:
>> This would be interpreting setconfig='{password_encryption=on}' as "opt out of
>> future password security increases". I expect that will tend not to match the
>> intent of the person entering the setting. That said, if v14 were already
>> behaving this way, I wouldn't dislike it enough to complain.
>
> Hm. Up to 13, "on" is a synonym of "md5", so it seems to me
> that we should map "on" to "md5" rather than "scram-sha-256" on the
> side of compatibility. But you have a point when it comes to good
> security practices. It makes me wonder whether it would be better to
> have pg_dumpall complain rather than pg_upgrade if this value is found
> in the proconfig items.. pg_upgrade is not the only upgrade path
> supported.
This is registered in the commit fest, but there is no actual patch
proposed.
I don't think it's worth doing anything about this. Right now, you get
a clear error message, and then you can decide what to do about it.