Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1swUFo-0045Iz-PH for pgsql-hackers@arkaria.postgresql.org; Thu, 03 Oct 2024 22:25:01 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1swUFo-005Izb-6V for pgsql-hackers@arkaria.postgresql.org; Thu, 03 Oct 2024 22:25:00 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1swUFn-005IzT-TT for pgsql-hackers@lists.postgresql.org; Thu, 03 Oct 2024 22:24:59 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1swUFk-002PmP-6d; Thu, 03 Oct 2024 22:24:59 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 493MOsqZ473658; Thu, 3 Oct 2024 18:24:54 -0400 From: Tom Lane To: Nathan Bossart cc: "Jonathan S. Katz" , Michael Paquier , Alexander Lakhin , pgsql-hackers Subject: Re: Should rolpassword be toastable? In-reply-to: References: <2047353.1726784074@sss.pgh.pa.us> <0a9b7f96-aa2f-41eb-8e69-62f7990ebf74@postgresql.org> <0d8f3541-13f4-4194-8dca-bae881cf1a9a@postgresql.org> <2445149.1726849661@sss.pgh.pa.us> <465160.1727991546@sss.pgh.pa.us> Comments: In-reply-to Nathan Bossart message dated "Thu, 03 Oct 2024 17:17:01 -0500" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <473656.1727994294.1@sss.pgh.pa.us> Date: Thu, 03 Oct 2024 18:24:54 -0400 Message-ID: <473657.1727994294@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Nathan Bossart writes: > I don't mind proceeding with the patch if there is strong support for it. > I wavered only because it's hard to be confident that we are choosing the > right limit. I'm not that fussed about it; surely 256 is more than anyone is using? If not, we'll get push-back and then we can have a discussion about the correct limit that's informed by more than guesswork. > ... But I can also buy the argument that none of this is a strong > enough reason to avoid making the error message nicer... There's that, and there's also the fact that if you assume someone is using $sufficiently-long-passwords then we might have broken their use-case already. We can't have much of a conversation here without a concrete case to look at. regards, tom lane