Re: Is "trust" really a good default?

> > IMO, forcing su password at initdb time (allowing blank
> password with
> > a very stern warning) and bumping localhost to auth is the
> right way
> > to go.
>
> This isn't happening for a number of reasons, the most
> obvious being that we cannot require initdb to be run
> interactively.  (That stern warning will not impress /dev/null.)

This is the very reason --pwfile was added. It's not just a win32 fix,
it's a "any packager that needs to run without interactivity" fix. Yes,
you can stick a blank password in there, but again, this is a choice and
not a default in that case.

//Magnus