Re: GSSAPI, SSPI - include_realm default

On Dec 9, 2014 10:52 PM, "Peter Eisentraut" <peter_e(at)gmx(dot)net> wrote:
>
> On 12/5/14 1:06 PM, Stephen Frost wrote:
> >> I suggest we also backpatch some documentation suggesting that people
> >> > manually change the include_realm parameter (perhaps also with a note
> >> > saying that the default will change in 9.5).
> > I'll work on a patch for back-branches if everyone is alright with this
> > patch against master.
>
> I don't think backpatching this is necessary or appropriate.
>
> First of all, this isn't even released, and it might very well change
> again later. The right time to publicly notify about this change is not
> before when 9.5 is released.
>
> Also, it's not like people keep re-reading the old documentation in
> order to get updated advice. It might very well be confusing if stable
> documentation changes because of future events. Users who are
> interested in knowing about changes in future releases should read the
> release notes of those future releases.
>
> My comment that include_realm is supported back to 8.4 was because there
> is an expectation that a pg_hba.conf file can be used unchanged across
> several major releases. So when 9.5 comes out and people update their
> pg_hba.conf files for 9.5, those files will still work in old releases.
> But the time to do those updates is then, not now.
>

I thought the idea was to backpatch documentation saying "it's a good idea
to change this value to x because of y". Not actually referring to the
upcoming change directly. And I still think that part is a good idea, as it
helps people avoid potential security pitfalls.

So not really a backpatch as so, rather a separate patch for the back
branches. (and people definitely reread the docs - since they deploy new
systems on the existing versions...)

/Magnus