Re: Successor of MD5 authentication, let's use SCRAM

* Josh Berkus (josh@agliodbs.com) wrote:
> Problem is, the fact that setting up SSL correctly is hard is outside of
> our control.

Agreed, though the packagers do make it easier..

> Unless we can give people a "run these three commands on each server and
> you're now SSL authenticating" script, we can continue to expect the
> majority of users not to use SSL.  And I don't think that level of
> simplicity is even theoretically possible.

The Debian-based packages do quite a bit to ease this pain.  Do the
other distributions do anything to set up SSL certificates, etc on
install?  Perhaps they could be convinced to?
Thanks,
    Stephen