Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <pgsql-pkg-yum-owner+archive@lists.postgresql.org>)
	id 1jbOxc-0004jZ-Uq
	for pgsql-pkg-yum@arkaria.postgresql.org; Wed, 20 May 2020 13:40:40 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.92)
	(envelope-from <pgsql-pkg-yum-owner+archive@lists.postgresql.org>)
	id 1jbOxb-0001jz-Jd
	for pgsql-pkg-yum@arkaria.postgresql.org; Wed, 20 May 2020 13:40:39 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <cb@df7cb.de>)
	id 1jbOxb-0001js-EW
	for pgsql-pkg-yum@lists.postgresql.org; Wed, 20 May 2020 13:40:39 +0000
Received: from feynman.df7cb.de ([195.49.152.168])
	by magus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <cb@df7cb.de>)
	id 1jbOxZ-0004zT-CB
	for pgsql-pkg-yum@postgresql.org; Wed, 20 May 2020 13:40:39 +0000
Received: from msg.df7cb.de (unknown
 [IPv6:2a02:908:1474:3de0:76e5:bff:fef3:7e00])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits)
 server-digest SHA256)
	(Client did not present a certificate)
	by feynman.df7cb.de (Postfix) with ESMTPSA id 49Rv5c3HdSz3DwZ;
	Wed, 20 May 2020 15:40:36 +0200 (CEST)
Date: Wed, 20 May 2020 15:40:35 +0200
From: Christoph Berg <myon@debian.org>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: Devrim =?iso-8859-1?B?R/xuZPx6?= <devrim@gunduz.org>,
	Stephen Frost <sfrost@snowman.net>,
	Craig Ringer <craig@2ndquadrant.com>,
	pgsql-pkg-yum <pgsql-pkg-yum@postgresql.org>
Subject: Re: Can we stop defaulting to 'ident'?
Message-ID: <20200520134035.GD296739@msg.df7cb.de>
Mail-Followup-To: Christoph Berg <myon@debian.org>,
	Peter Eisentraut <peter.eisentraut@2ndquadrant.com>,
	Devrim =?iso-8859-1?B?R/xuZPx6?= <devrim@gunduz.org>,
	Stephen Frost <sfrost@snowman.net>,
	Craig Ringer <craig@2ndquadrant.com>,
	pgsql-pkg-yum <pgsql-pkg-yum@postgresql.org>
References: 
 <CAMsr+YFCuBGWh4=aM-K2LCsBEwcrqm=pphKKHEH09vHwXcspow@mail.gmail.com>
 <7761d006b5ace13a4d86ce489123e5004aaf8b6c.camel@gunduz.org>
 <20200519212710.GQ13712@tamriel.snowman.net>
 <6089d4c8e262dd6fe8a6510c283e674543a24b5c.camel@gunduz.org>
 <3869d8c9-c212-8d73-52f4-13b03abe4813@2ndquadrant.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3869d8c9-c212-8d73-52f4-13b03abe4813@2ndquadrant.com>
List-Id: <pgsql-pkg-yum.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-pkg-yum@lists.postgresql.org>
List-Owner: <mailto:pgsql-pkg-yum-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-pkg-yum>
Precedence: bulk

Re: Peter Eisentraut
> The upstream default is still to use md5 passwords by default, and some
> deliberation has gone into that to keep it that way.  So it would make sense
> to have the RPMs also do that.  The Debian packages also still use md5.
> Some consistency across the board would be good.  Otherwise it will be very
> confusing for users if everyone just goes into their own direction.

The upstream initdb default is still 'trust', but everyone agrees that
it's good that distributions are changing that so something more
secure, so we are already disconnected from the "true" default here.

We can move the Debian packages to scram as well, if that helps.
I just haven't done that yet because I haven't read up on how a
migration plan should look.

Christoph