Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256)
	(Exim 4.89)
	(envelope-from <pgsql-pkg-yum-owner+archive@lists.postgresql.org>)
	id 1iiFaS-0000yE-5E
	for pgsql-pkg-yum@arkaria.postgresql.org; Fri, 20 Dec 2019 10:32:48 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.89)
	(envelope-from <pgsql-pkg-yum-owner+archive@lists.postgresql.org>)
	id 1iiFaP-00015q-2Y
	for pgsql-pkg-yum@arkaria.postgresql.org; Fri, 20 Dec 2019 10:32:45 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256)
	(Exim 4.89)
	(envelope-from <cb@df7cb.de>)
	id 1iiFaO-00015j-Rd
	for pgsql-pkg-yum@lists.postgresql.org; Fri, 20 Dec 2019 10:32:44 +0000
Received: from feynman.df7cb.de ([195.49.152.168])
	by magus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <cb@df7cb.de>)
	id 1iiFaM-0007eD-FH
	for pgsql-pkg-yum@postgresql.org; Fri, 20 Dec 2019 10:32:44 +0000
Received: from msg.df7cb.de (unknown
 [IPv6:2003:5b:203b:100:7627:eaff:fe52:8e03])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits)
 server-digest SHA256)
	(Client did not present a certificate)
	by feynman.df7cb.de (Postfix) with ESMTPSA id 47fQ6x1nLjz3Dyq;
	Fri, 20 Dec 2019 11:32:41 +0100 (CET)
Date: Fri, 20 Dec 2019 11:32:40 +0100
From: Christoph Berg <myon@debian.org>
To: Devrim =?iso-8859-1?B?R/xuZPx6?= <devrim@gunduz.org>
Cc: Craig Ringer <craig@2ndquadrant.com>,
	pgsql-pkg-yum <pgsql-pkg-yum@postgresql.org>
Subject: Re: Can we stop defaulting to 'ident'?
Message-ID: <20191220103240.GB9564@msg.df7cb.de>
Mail-Followup-To: Christoph Berg <myon@debian.org>,
	Devrim =?iso-8859-1?B?R/xuZPx6?= <devrim@gunduz.org>,
	Craig Ringer <craig@2ndquadrant.com>,
	pgsql-pkg-yum <pgsql-pkg-yum@postgresql.org>
References: 
 <CAMsr+YFCuBGWh4=aM-K2LCsBEwcrqm=pphKKHEH09vHwXcspow@mail.gmail.com>
 <77df509da61adaebca6c5f0451f1c1616f1faa45.camel@gunduz.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <77df509da61adaebca6c5f0451f1c1616f1faa45.camel@gunduz.org>
User-Agent: Mutt/1.12.2 (2019-09-21)
List-Id: <pgsql-pkg-yum.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-pkg-yum@lists.postgresql.org>
List-Owner: <mailto:pgsql-pkg-yum-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-pkg-yum>
Precedence: bulk

Re: Devrim Gündüz 2019-12-20 <77df509da61adaebca6c5f0451f1c1616f1faa45.camel@gunduz.org>
> > but I think it's pretty unhelpful. At least if we used 'md5' the user could
> > set passwords and have them actually work.
> 
> IMHO the only alternative could be "trust", because I am not holding my breath
> for the majority of our users to be able to setup a password that easily
> (yeah). I'm also not inclined to setup a default password for RPM installations
> (and also RPMs must not do any interactive work, like asking for a password)

Fwiw, the Debian packages have been using md5 forever, and do not set
a password either. People seem to be able to set a password
themselves. I've never heard any complaint about it. (Except for some
poking that scram might be better.)

Christoph