On 02.03.22 15:16, Jonathan S. Katz wrote:
>> I find that a lot of people are still purposely using md5. Removing
>> it now or in a year would be quite a disruption.
>
> What are the reasons they are still purposely using it? The ones I have
> seen/heard are:
>
> - Using an older driver
> - On a pre-v10 PG
> - Unaware of SCRAM
I'm not really sure, but it seems like they are content with what they
have and don't want to bother with the new fancy stuff.
> What I'm proposing above is to start the process of deprecating it as an
> auth method, which also allows to continue the education efforts to
> upgrae. Does that make sense?
I'm not in favor of starting a process that will result in removal of
the md5 method at this time.