Re: MD5-based passwords

Ned Wolpert <wolpert@yahoo.com> writes:
> Well, if we're talking about 7.2 versus 7.3, I'd rather see them in the
> 7.2 release. If, however, we're talking about 7.2 version 7.2.x, then
> we may want to wait until 7.2.x.

Standard procedure for the Postgres project has always been that
dot-releases contain no new features, only bug-fixes (and, usually,
only fairly critical ones).

I think that it's okay to add the jdbc MD5 password code now; we can
call it a bug fix on either of two grounds:

    (a) if you stand back far enough that jdbc is indistinguishable
        from the rest of the system, then this is arguably
        completion of an existing feature, not adding a new one.

    (b) in any case, JDBC users will certainly see it as a bug
        if everyone but them can use MD5 passwords.

Also, if the code proves to have bugs, what's the downside?  Only that
JDBC users will be unable to use MD5 passwords; but that will certainly
be true if we don't try.  So I think I'd go for it.

On the other hand, some of the other stuff Dave mentioned sounded like
whole new features, and since we are in beta now I think the "no new
features during beta" rule ought to apply.

Just my $0.02 ...

            regards, tom lane