Re: [Patch] Mention md5 is deprecated in postgresql.conf.sample

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Michael Banck <mbanck@gmx.net>
Cc: Postgres hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-11-14T11:53:41Z
Lists: pgsql-hackers
> On 14 Nov 2025, at 11:47, Michael Banck <mbanck@gmx.net> wrote:

> while looking through postgresql.conf on PG18, I noticed that
> password_encryption mentions md5 as valid alternative to scram-sha-256.
> I think it would be useful to mention md5 is deprecated so that people
> looking at it (but have otherwise not gotten the memo) will realize and
> hopefully act on it.

No objection.  I suspect the overlap between users who don't read release notes
and users who read .conf.sample comments closely is pretty small, but it
certainly won't hurt.

-#password_encryption = scram-sha-256	# scram-sha-256 or md5
+#password_encryption = scram-sha-256	# scram-sha-256 or (deprecated) md5
 #scram_iterations = 4096
 #md5_password_warnings = on

Maybe this should be combined with a comment on md5_password_warnings as well?

--
Daniel Gustafsson