Re: sunsetting md5 password support

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Andrew Dunstan <andrew@dunslane.net>, Heikki Linnakangas <hlinnaka@iki.fi>, Nathan Bossart <nathandbossart@gmail.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2024-10-10T22:34:01Z
Lists: pgsql-hackers
> On 11 Oct 2024, at 00:28, Tom Lane <tgl@sss.pgh.pa.us> wrote:

> On the whole I agree with Heikki's comment that we should just
> do it (disallow MD5, full stop) whenever we feel that enough
> time has passed.  These intermediate states are mostly going to
> add headaches.  Maybe we could do something with an intermediate
> release that just emits warnings, without any feature changes.

+1, warnings and ample documentation for how to perform the migration (and why,
I'm sure it will come as a surprise to *many*) is likely our best investment.
That coupled with a well communicated point in time for when MD5 goes away with
notices in all release notes up until that point.

--
Daniel Gustafsson




Commits

  1. Deprecate MD5 passwords.