Re: Disabling trust/ident authentication configure option

On Wed, May 20, 2015 at 07:03:26PM -0400, Tom Lane wrote:
> Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> writes:
> > Michael Banck wrote:
> >> The other set of users I could think of are those who, for whatever
> >> reason, tend to always compile PostgreSQL from source for their
> >> company/organization. Maybe they have internal rules that requires a
> >> custom installation prefix for all their servers or whatever. Due to
> >> procedural requirements, or just the unwillingness to carry deltas, they
> >> absolutely want to use the pristine tarballs as well but would be very
> >> happy to get rid of some of the authentication methods.
>
> > Right. That's the set of users that Josh B says is only comprised of
> > Volker (the OP).
>
> That might be a bit harsh, but here's the thing: assuming you're willing
> to build from source, what is the reason for wanting $small_market_feature
> to be built into Postgres rather than being something you carry a patch
> for? ISTM the core reason is that you're expecting the community to carry
> the load of testing and maintaining the feature. And the fact of the
> matter is that we're not terribly good at testing non-mainstream build
> options. (There is depressingly little variety in the configure options
> used in the buildfarm, for example.) So I wouldn't be a bit surprised
> if something like this broke every time somebody touched the auth code,
> and we would not notice. It would only be reliable if it were something
> the community tended to use regularly ... which gets us back to the point
> that what needs to happen first is a credible replacement for "trust"
> mode.

Fair enough.

> I think Andres' point about "trust" being an essential disaster recovery
> mode is something to consider, as well. That puts pretty strict limits
> on what would be a credible replacement.

Then let's rename it from `trust' to `disaster'... ;)

Michael