Re: Password identifiers, protocol aging and SCRAM protocol

On 10/15/2016 04:26 PM, Michael Paquier wrote:
>> * Now that we don't call random() in postmaster anymore, is there any point
>> in calling srandom() there (i.e. where the above incorrect comment was)?
>> Should we remove it? random() might be used by pre-loaded extensions,
>> though. (Hopefully not for cryptographic purposes.)
>
> That's the business of the maintainers such modules, so my heart is
> telling me to rip it off, but my mind tells me that there is no point
> in making them unhappy either if they rely on it. I'd trust my mind on
> this one, other opinions are welcome.

I kept it for now. Doesn't do any harm either, even if it's unnecessary.

>> * Should we backport this? Sorry if we discussed that already, but I don't
>> remember.
>
> I think that we discussed quickly the point at last PGCon during the
> SCRAM-committee-unofficial meeting, and that we talked about doing
> that only for HEAD.

Ok, committed to HEAD.

Thanks!

- Heikki