Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <pgsql-pkg-debian-owner+archive@lists.postgresql.org>)
	id 1jedY0-00075j-82
	for pgsql-pkg-debian@arkaria.postgresql.org; Fri, 29 May 2020 11:51:36 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.92)
	(envelope-from <pgsql-pkg-debian-owner+archive@lists.postgresql.org>)
	id 1jedXy-00022s-Rg
	for pgsql-pkg-debian@arkaria.postgresql.org; Fri, 29 May 2020 11:51:34 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <peter.eisentraut@2ndquadrant.com>)
	id 1jedXy-00020o-MI; Fri, 29 May 2020 11:51:34 +0000
Received: from wforward4-smtp.messagingengine.com ([64.147.123.34])
	by makus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <peter.eisentraut@2ndquadrant.com>)
	id 1jedXr-0008C3-VS; Fri, 29 May 2020 11:51:33 +0000
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
	by mailforward.west.internal (Postfix) with ESMTP id 1252B86F;
	Fri, 29 May 2020 07:51:26 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
  by compute1.internal (MEProxy); Fri, 29 May 2020 07:51:26 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=content-transfer-encoding:content-type
	:date:from:in-reply-to:message-id:mime-version:references
	:subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
	:x-sasl-enc; s=fm2; bh=PCdchLY0Rkcq8bltJElkdTIgjraAWBKMNORY6HbtJ
	cM=; b=YVrlgyjLNs+A/MuKDB5QvaKgbJoJwMC7AQn6PoccZqH3p1byxjdr0bkHv
	F5OVXJn+Q52k7rNuATr0ta/tusriwL9a/iY3+4JW6cnF+Y+FKVdJHzwJS+SaBv/N
	C4YkzPqDN5WrtFmNTx5TZ0rll0Fc6MD0mxIHUa1nDl4szxIGBZ1opQcxpzxeQoXW
	oUUjKmVTSqwDhEbrWcel7ta2XyXSJtTvJ/Y+fJ8mrMPxYo0w+E+M17uoeGRdH0BN
	t8XHY4itZIJbwcEu6qL67TJ0NqWSs8S4FlbqPV2nGYsYJfCqzsURrLEAQHCsghz1
	vVvHeRvP8+p4dXjqqNR+7kwp+VF8g==
X-ME-Sender: <xms:PffQXi9dpwcQLepAmqOp6Kz5oUxp5HbvWa1XStHJyAyAnd42DirkYQ>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeduhedruddvkedgfeefucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
    uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
    cujfgurhepuffvfhfhohfkffgfgggjtgfgsehtjeertddtfeejnecuhfhrohhmpefrvght
    vghrucfgihhsvghnthhrrghuthcuoehpvghtvghrrdgvihhsvghnthhrrghuthesvdhnug
    hquhgrughrrghnthdrtghomheqnecuggftrfgrthhtvghrnheptdevgeehtdejvdevvdel
    jeeuveejjedtleelgfekleefieekjeelgfektdduuedvnecuffhomhgrihhnpedvnhguqh
    hurggurhgrnhhtrdgtohhmnecukfhppeelfedrvdegfedrkedvrddvgeeinecuvehluhhs
    thgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepphgvthgvrhdrvghish
    gvnhhtrhgruhhtsedvnhguqhhurggurhgrnhhtrdgtohhm
X-ME-Proxy: <xmx:PffQXisDRZHBCyob9H3PluripckinWXYOtJ7VpLtEq4tx_-kj7XUIQ>
    <xmx:PffQXoBTPwjUJ0MEVJkT8g_ZRatWSw07fMu2WjRH2VT4iaYX0l9ITg>
    <xmx:PffQXqf53qar7S9Ip4TTPjmJoBPCvAhQcIQnjvUH9P8VDme_6d6DKg>
    <xmx:PffQXggcaqSJqEHLbAGnCktgK3kzvd8VpS0sQgzEg0aqZiZp8T46az_-qcU>
Received: from april.pezone.net (p5df352f6.dip0.t-ipconnect.de
 [93.243.82.246])
	by mail.messagingengine.com (Postfix) with ESMTPA id 4E8D73280059;
	Fri, 29 May 2020 07:51:24 -0400 (EDT)
Subject: Re: Can we stop defaulting to 'md5'?
To: Christoph Berg <myon@debian.org>, Stephen Frost <sfrost@snowman.net>,
 =?UTF-8?B?RGV2cmltIEfDvG5kw7x6?= <devrim@gunduz.org>,
 Craig Ringer <craig@2ndquadrant.com>,
 pgsql-pkg-yum <pgsql-pkg-yum@postgresql.org>,
 PostgreSQL in Debian <pgsql-pkg-debian@postgresql.org>
References: <20200528163856.GB107313@msg.df7cb.de>
 <ed0f8d57-5b2c-b08f-f94b-e15e784e8cef@2ndquadrant.com>
 <20200528201122.GD107313@msg.df7cb.de>
 <54aa86c2-ead7-98a2-6264-76acef12ab7a@2ndquadrant.com>
 <20200529091442.GA179209@msg.df7cb.de>
From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Organization: 2ndQuadrant
Message-ID: <c82d5b30-9d65-a52e-87b6-e5eda5fb35b1@2ndquadrant.com>
Date: Fri, 29 May 2020 13:51:23 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:52.0)
 Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <20200529091442.GA179209@msg.df7cb.de>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
List-Id: <pgsql-pkg-debian.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-pkg-debian@lists.postgresql.org>
List-Owner: <mailto:pgsql-pkg-debian-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-pkg-debian>
Precedence: bulk

On 2020-05-29 11:14, Christoph Berg wrote:
> Re: Peter Eisentraut
>>>> You get that if you set the authentication method to "md5".  (Clearly not a
>>>> very clear name, but it exists.)
>>>
>>> Thanks, I'll probably do that.
>>>
>>> Do we want that for PG13+, or even for 10+?
>>
>> Isn't that already the default for Debian packages?
> 
> I meant setting password_encryption to scram.

That depends on what you consider your backward compatibility commitment 
to be.

The consensus on pgsql-hackers appears to be to make that change in PG14 
upstream, under the theory that by the time PG14 is released, PG9.6 (the 
last non-SCRAM release) will be (almost) EOL.  So anyone using 
from-source builds under strict observation of EOL dates would not have 
compatibility problems when using their old libpq to connect to a newer 
server.

AFAICT, in Debian you still have 9.6 in stretch until either 2020 or LTS 
until 2022, and in Ubuntu 16.04 you still have 9.5 until 2021.  So, 
well, any choice you end up making can be defended.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services