Re: PG 14 release notes, first draft

On 2021-May-12, Bruce Momjian wrote:

> OK, updated text:
> 
>     <listitem>
>     <!--
>     Author: Peter Eisentraut <peter@eisentraut.org>
>     2020-06-10 [c7eab0e97] Change default of password_encryption to scram-sha-256
>     -->
>     
>     <para>
>     Change the default of the password_encryption server parameter
>     to scram-sha-256 (Peter Eisentraut)
>     </para>
>     
>     <para>
>     Previously it was md5.    All new passwords will be stored as SHA256
>     unless this server variable is changed or the password is already
>     md5-hashed.  Also, the legacy (and undocumented) boolean-like
>     values which were previously synonyms of <literal>md5</literal>
>     are no longer accepted.
>     </para>
>     </listitem>

Thanks, looks ok as far as what the original point was about.

I have to say that this sentence is a bit odd: "All new passwords will
be stored as sha256 unless ... the password is already md5-hashed".
Does this mean that if you change a password for a user whose password
was md5, the new one is stored as md5 too even if the setting is
scram-sha-256?  Or if "the password" means an old password, then why is
it a new password?

-- 
Álvaro Herrera       Valdivia, Chile