Re: GSSAPI, SSPI - include_realm default
| От | Magnus Hagander |
|---|---|
| Тема | Re: GSSAPI, SSPI - include_realm default |
| Дата | |
| Msg-id | CABUevEzh=C9ceSJQMJpmf6Qbg5x0OUMZUfrvh_SzQ81ZBf7PRg@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: GSSAPI, SSPI - include_realm default (Peter Eisentraut <peter_e@gmx.net>) |
| Ответы |
Re: GSSAPI, SSPI - include_realm default
|
| Список | pgsql-hackers |
<p dir="ltr"><br /> On Dec 9, 2014 10:52 PM, "Peter Eisentraut" <<a href="mailto:peter_e@gmx.net">peter_e@gmx.net</a>>wrote:<br /> ><br /> > On 12/5/14 1:06 PM, Stephen Frost wrote:<br/> > >> I suggest we also backpatch some documentation suggesting that people<br /> > >> >manually change the include_realm parameter (perhaps also with a note<br /> > >> > saying that the defaultwill change in 9.5).<br /> > > I'll work on a patch for back-branches if everyone is alright with this<br />> > patch against master.<br /> ><br /> > I don't think backpatching this is necessary or appropriate.<br />><br /> > First of all, this isn't even released, and it might very well change<br /> > again later. The righttime to publicly notify about this change is not<br /> > before when 9.5 is released.<br /> ><br /> > Also,it's not like people keep re-reading the old documentation in<br /> > order to get updated advice. It might verywell be confusing if stable<br /> > documentation changes because of future events. Users who are<br /> > interestedin knowing about changes in future releases should read the<br /> > release notes of those future releases.<br/> ><br /> > My comment that include_realm is supported back to 8.4 was because there<br /> > is anexpectation that a pg_hba.conf file can be used unchanged across<br /> > several major releases. So when 9.5 comesout and people update their<br /> > pg_hba.conf files for 9.5, those files will still work in old releases.<br />> But the time to do those updates is then, not now.<br /> ><p dir="ltr">I thought the idea was to backpatch documentationsaying "it's a good idea to change this value to x because of y". Not actually referring to the upcoming changedirectly. And I still think that part is a good idea, as it helps people avoid potential security pitfalls. <p dir="ltr">Sonot really a backpatch as so, rather a separate patch for the back branches. (and people definitely reread thedocs - since they deploy new systems on the existing versions...) <p dir="ltr">/Magnus <br />
В списке pgsql-hackers по дате отправления: