public inbox for [email protected]
help / color / mirror / Atom feedRe: Time to drop RADIUS support?
2+ messages / 2 participants
[nested] [flat]
* Re: Time to drop RADIUS support?
@ 2026-01-23 10:43 Michael Banck <[email protected]>
2026-01-23 14:53 ` Re: Time to drop RADIUS support? Álvaro Herrera <[email protected]>
0 siblings, 1 reply; 2+ messages in thread
From: Michael Banck @ 2026-01-23 10:43 UTC (permalink / raw)
To: Thomas Munro <[email protected]>; +Cc: PostgreSQL Hackers <[email protected]>
Hi,
On Fri, Jan 23, 2026 at 11:22:45PM +1300, Thomas Munro wrote:
> The real recommendation of the paper was "don't use RADIUS/UDP at
> all", and I don't want to expend energy writing a RADIUS/TLS client
> for a hypothetical user, so I think we should just delete it all, and
> stick a deprecation notice in the release branch documentation, as
> attached.
So you are saying we add a deprecation notice in the back branches and
drop it in V19? If this is a severe security issue then maybe we can
just remove it everywhere (ugh), or if not, I think it probably warrants
at least one release cycle of deprecation. Do we have a formal
deprecation timeline policy nowadays?
Michael
^ permalink raw reply [nested|flat] 2+ messages in thread
* Re: Time to drop RADIUS support?
2026-01-23 10:43 Re: Time to drop RADIUS support? Michael Banck <[email protected]>
@ 2026-01-23 14:53 ` Álvaro Herrera <[email protected]>
0 siblings, 0 replies; 2+ messages in thread
From: Álvaro Herrera @ 2026-01-23 14:53 UTC (permalink / raw)
To: Michael Banck <[email protected]>; +Cc: Thomas Munro <[email protected]>; PostgreSQL Hackers <[email protected]>
On 2026-Jan-23, Michael Banck wrote:
> So you are saying we add a deprecation notice in the back branches and
> drop it in V19? If this is a severe security issue then maybe we can
> just remove it everywhere (ugh), or if not, I think it probably warrants
> at least one release cycle of deprecation. Do we have a formal
> deprecation timeline policy nowadays?
I don't think we do.
Would it work to add a WARNING (or something) to all back branches to
ask users to write here, so that we can confirm in the next few months
whether the protocol is completely unused or not? If we do find users,
then we could try to think of workarounds[*], but otherwise we'd just
remove it for pg19 (or pg20 at the latest) and not waste any more time
on it.
I don't think removing it entirely from all back branches is a good
idea, without first making sure that there are no users.
[*] or even just a way to document a migration to PAM-based Radius.
--
Álvaro Herrera 48°01'N 7°57'E — https://www.EnterpriseDB.com/
"I'm impressed how quickly you are fixing this obscure issue. I came from
MS SQL and it would be hard for me to put into words how much of a better job
you all are doing on [PostgreSQL]."
Steve Midgley, http://archives.postgresql.org/pgsql-sql/2008-08/msg00000.php
^ permalink raw reply [nested|flat] 2+ messages in thread
end of thread, other threads:[~2026-01-23 14:53 UTC | newest]
Thread overview: 2+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2026-01-23 10:43 Re: Time to drop RADIUS support? Michael Banck <[email protected]>
2026-01-23 14:53 ` Álvaro Herrera <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox