Re: change password_encryption default to scram-sha-256?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Andres Freund <andres(at)anarazel(dot)de>, David Fetter <david(at)fetter(dot)org>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: change password_encryption default to scram-sha-256?
Date: 2019-04-08 14:08:07
Message-ID: 29779.1554732487@sss.pgh.pa.us
Lists: pgsql-hackers

"Jonathan S. Katz" <jkatz(at)postgresql(dot)org> writes:
> On 4/8/19 8:49 AM, Magnus Hagander wrote:
>> I think the real question is, is it OK to give them basically 5 months
>> warning, by right now saying if you don't have a release out in 6
>> months, things will break.

> Given the supported libraries all have open pull requests or issues, it
> should be fairly easy to inquire if they would be able to support it for
> PG12 vs PG13. If this sounds like a reasonable plan, I'm happy to reach
> out and see.

I think that the right course here is to notify these developers that
we will change the default in PG13, and it'd be good if they put out
stable releases with SCRAM support well before that. This discussion
seems to be talking as though it's okay if we allow zero daylight
between availability of fixed drivers and release of a PG version that
defaults to using SCRAM. That'd be totally unfair to packagers and
users. There needs to be a pretty fair-size window for those fixed
drivers to propagate into the wild. A year is not too much; IMO it's
barely enough.

regards, tom lane
