Greetings,
* Christoph Berg (myon@debian.org) wrote:
> Re: Peter Eisentraut
> > The upstream default is still to use md5 passwords by default, and some
> > deliberation has gone into that to keep it that way. So it would make sense
> > to have the RPMs also do that. The Debian packages also still use md5.
> > Some consistency across the board would be good. Otherwise it will be very
> > confusing for users if everyone just goes into their own direction.
>
> The upstream initdb default is still 'trust', but everyone agrees that
> it's good that distributions are changing that so something more
> secure, so we are already disconnected from the "true" default here.
>
> We can move the Debian packages to scram as well, if that helps.
> I just haven't done that yet because I haven't read up on how a
> migration plan should look.
Yes, I think that would make a lot of sense. I'd be happy to chat about
what that would look like if it'd help.
I'd also vote for moving the upstream initdb default to scram too, of
course. It'd certainly be nice to get all of these things in line
together and there's really no good reason to be using md5 these days
for new installs (or, really, even for most old installs..).
Thanks,
Stephen