On Mon, 2025-06-02 at 10:32 -0500, Nathan Bossart wrote:
> Since MD5 passwords are slated to be marked as deprecated in v18, I figured
> it might be a good idea to add a check for roles with MD5 passwords to
> pg_upgrade. I'm tempted to suggest that we apply this to v18, but I'm
> content to leave it for v19 if nobody feels too strongly about it.

That seems like a reasonable thing to do for v18 to me.

> The one thing I don't like about this check is that it's probably not great
> from a security standpoint to effectively announce which roles have MD5
> passwords.

Do you have a specific concern, or is that more of a general concern?

> One other thing I noticed is that checks that only emit warnings, like
> check_for_unicode_update(), require using --retain in order to see the
> generated report file.

Should we automatically retain files associated with warnings, or copy
them to a different location?

Regards,
Jeff Davis