| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: GSSAPI, SSPI - include_realm default |
| Date: | 2014-12-09 22:38:25 |
| Message-ID: | 20141209223825.GO25679@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Peter Eisentraut (peter_e(at)gmx(dot)net) wrote:
> On 12/5/14 1:06 PM, Stephen Frost wrote:
> >> I suggest we also backpatch some documentation suggesting that people
> >> > manually change the include_realm parameter (perhaps also with a note
> >> > saying that the default will change in 9.5).
> > I'll work on a patch for back-branches if everyone is alright with this
> > patch against master.
>
> I don't think backpatching this is necessary or appropriate.
Sorry if that wasn't clear but the idea was to *just* backpatch the
documentation comments, not to change the default in back-branches.
> First of all, this isn't even released, and it might very well change
> again later. The right time to publicly notify about this change is not
> before when 9.5 is released.
>
> Also, it's not like people keep re-reading the old documentation in
> order to get updated advice. It might very well be confusing if stable
> documentation changes because of future events. Users who are
> interested in knowing about changes in future releases should read the
> release notes of those future releases.
>
> My comment that include_realm is supported back to 8.4 was because there
> is an expectation that a pg_hba.conf file can be used unchanged across
> several major releases. So when 9.5 comes out and people update their
> pg_hba.conf files for 9.5, those files will still work in old releases.
> But the time to do those updates is then, not now.
The back-branches are being patched to discourage using the default
because it's not a secure approach. New users start using PG all the
time and so changing the existing documentation is worthwhile to ensure
those new users understand. A note in the release notes for whichever
minor release the change to the documentation shows up in would be a
good way to make existing users aware of the change and hopefully
encourage them to review their configuration.
If we don't agree that the change should be made then we can discuss
that, but everyone commenting so far has agreed on the change.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2014-12-09 22:40:35 | Re: GSSAPI, SSPI - include_realm default |
| Previous Message | Jim Nasby | 2014-12-09 22:32:36 | Re: On partitioning |