Re: md5_password_warnings for password auth with MD5-encrypted passwords

Nathan Bossart <nathandbossart@gmail.com>

From: Nathan Bossart <nathandbossart@gmail.com>
To: Michael Paquier <michael@paquier.xyz>
Cc: Jacob Champion <jacob.champion@enterprisedb.com>, Kyotaro Horiguchi <horikyota.ntt@gmail.com>, masao.fujii@gmail.com, pgsql-hackers@lists.postgresql.org
Date: 2026-06-29T14:33:56Z
Lists: pgsql-hackers
On Mon, Jun 29, 2026 at 12:00:31PM +0900, Michael Paquier wrote:
> On Fri, Jun 26, 2026 at 01:18:55PM -0500, Nathan Bossart wrote:
>> TBH I'm not too opinionated here, if for no other reason than all this code
>> should be getting deleted in the next couple of years.
> 
> v20 perhaps?  Let's be on the very optimistic side of the spectrum.  :p

My plan was to allow a couple more years for word to spread and warnings to
be seen, and then to remove it in ~v22.  If there's consensus to do it
earlier, I'm happy to do so, but I lean towards extreme caution with the
timeline.

-- 
nathan



Commits

  1. Warn on password auth with MD5-encrypted passwords