Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <pgsql-pkg-yum-owner+archive@lists.postgresql.org>)
	id 1jbPyC-0006xe-PC
	for pgsql-pkg-yum@arkaria.postgresql.org; Wed, 20 May 2020 14:45:20 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.92)
	(envelope-from <pgsql-pkg-yum-owner+archive@lists.postgresql.org>)
	id 1jbPyB-0005tr-N4
	for pgsql-pkg-yum@arkaria.postgresql.org; Wed, 20 May 2020 14:45:19 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <sfrost@tamriel.snowman.net>)
	id 1jbPyB-0005tk-I6
	for pgsql-pkg-yum@lists.postgresql.org; Wed, 20 May 2020 14:45:19 +0000
Received: from tamriel.snowman.net ([2001:470:e38f::11])
	by magus.postgresql.org with esmtp (Exim 4.92)
	(envelope-from <sfrost@tamriel.snowman.net>)
	id 1jbPxz-00061f-Jg
	for pgsql-pkg-yum@postgresql.org; Wed, 20 May 2020 14:45:19 +0000
Received: by tamriel.snowman.net (Postfix, from userid 1000)
	id 0DE565F79E; Wed, 20 May 2020 10:45:05 -0400 (EDT)
Date: Wed, 20 May 2020 10:45:04 -0400
From: Stephen Frost <sfrost@snowman.net>
To: Christoph Berg <myon@debian.org>,
	Peter Eisentraut <peter.eisentraut@2ndquadrant.com>,
	Devrim =?iso-8859-1?B?R/xuZPx6?= <devrim@gunduz.org>,
	Craig Ringer <craig@2ndquadrant.com>,
	pgsql-pkg-yum <pgsql-pkg-yum@postgresql.org>
Subject: Re: Can we stop defaulting to 'ident'?
Message-ID: <20200520144504.GB3418@tamriel.snowman.net>
References: 
 <CAMsr+YFCuBGWh4=aM-K2LCsBEwcrqm=pphKKHEH09vHwXcspow@mail.gmail.com>
 <7761d006b5ace13a4d86ce489123e5004aaf8b6c.camel@gunduz.org>
 <20200519212710.GQ13712@tamriel.snowman.net>
 <6089d4c8e262dd6fe8a6510c283e674543a24b5c.camel@gunduz.org>
 <3869d8c9-c212-8d73-52f4-13b03abe4813@2ndquadrant.com>
 <20200520134035.GD296739@msg.df7cb.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="6sX45UoQRIJXqkqR"
Content-Disposition: inline
In-Reply-To: <20200520134035.GD296739@msg.df7cb.de>
User-Agent: Mutt/1.5.24 (2015-08-30)
List-Id: <pgsql-pkg-yum.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-pkg-yum@lists.postgresql.org>
List-Owner: <mailto:pgsql-pkg-yum-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-pkg-yum>
Precedence: bulk


--6sX45UoQRIJXqkqR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Greetings,

* Christoph Berg (myon@debian.org) wrote:
> Re: Peter Eisentraut
> > The upstream default is still to use md5 passwords by default, and some
> > deliberation has gone into that to keep it that way.  So it would make =
sense
> > to have the RPMs also do that.  The Debian packages also still use md5.
> > Some consistency across the board would be good.  Otherwise it will be =
very
> > confusing for users if everyone just goes into their own direction.
>=20
> The upstream initdb default is still 'trust', but everyone agrees that
> it's good that distributions are changing that so something more
> secure, so we are already disconnected from the "true" default here.
>=20
> We can move the Debian packages to scram as well, if that helps.
> I just haven't done that yet because I haven't read up on how a
> migration plan should look.

Yes, I think that would make a lot of sense.  I'd be happy to chat about
what that would look like if it'd help.

I'd also vote for moving the upstream initdb default to scram too, of
course.  It'd certainly be nice to get all of these things in line
together and there's really no good reason to be using md5 these days
for new installs (or, really, even for most old installs..).

Thanks,

Stephen

--6sX45UoQRIJXqkqR
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJexUJwAAoJEO1sijiDR2RVzKsP/iLMJHLGbtz9bYA1gHkCF4R8
KA63EV19tN0i2WVbRXFWVAxG96lSllcGD3HJvt95nSXzwI02okRLVPHvdA+/jq91
xQVyh/ehr6VpPDUZHy8Mqcv5GUJ9LB7xXVJWJeocQYMxLTpeZSQNFA50uAAWNJ/I
YLQeX/5DW1PMiZkd2BDtzuPE9KIUNhAY2QlEmO9vvq6ygLDYhpbYuxNkCW0zSijw
KFGhWzHzymShj+YdQEZdIbZvXO+1qmnE51XYnxGL7omq2CoVjSc/tCiR5FpluBmE
SCtIiG+XCk3wZLYxMhfmfZNWjwqaDPMj7OG8Cr0BrafhiXhkVv2N4fHJlQVAgtgW
kv+IHzikwJL8hfWw73d0uec7ZcJJRAoReV6z02p1VCHhWnJl3JiqCd8Be1Mzuli+
7ZUbRC1y3LQqp8JghB44xjAc2KIPzyE0pB115PxUmCXLG6UsrBDtcf2g0jH2wSjg
9wo5+oyudKPFFaC8n/FCDBeBlZNuVo7zkyrUB617pbFj+vUrygY5hZt+yKcqHw1b
wzl/X8yFswP+uAPQ2odW8i+aSYvIAyfGC1BDSL4cOuof/KxSwpeRNrO2OgVkDF9v
Wb7V9Gey/8B/cwfCnPDopYzqVigTrR5V6yzrF4jvLV22ipcNpxb8XxH7IsJnBj8e
Q4N/Qa4HL3vKYOQARKJq
=BGN5
-----END PGP SIGNATURE-----

--6sX45UoQRIJXqkqR--