Re: Removing SSL renegotiation (Was: Should we back-patch SSL renegotiation fixes?)

On 2015-06-27 15:07:05 +0900, Michael Paquier wrote:
> On Sat, Jun 27, 2015 at 6:12 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> > Andres Freund <andres(at)anarazel(dot)de> writes:
> >> On 2015-06-24 16:41:48 +0200, Andres Freund wrote:
> >>> I, by now, have come to a different conclusion. I think it's time to
> >>> entirely drop the renegotiation support.
> >
> >> I think by now we essentially concluded that we should do that. What I'm
> >> not sure yet is how: Do we want to rip it out in master and just change
> >> the default in the backbranches, or do we want to rip it out in all
> >> branches and leave a faux guc in place in the back branches. I vote for
> >> the latter, but would be ok with both variants.
> >
> > I think the former is probably the saner answer. It is less likely to
> > annoy people who dislike back-branch changes. And it will be
> > significantly less work, considering that that code has changed enough
> > that you won't be able to just cherry-pick a removal patch. I also fear
> > there's a nonzero chance of breaking stuff if you're careless about doing
> > the removal in one or more of the five active back branches ...
>
> +1 for removing on master and just disabling on back-branches.

The problem with that approach is that it leaves people hanging in the
dry if they've uncommented the default value, or changed it. That
doesn't seem nice to me.

Andres