Thread: Re: pg_upgrade: warn about roles with md5 passwords

On 02.06.25 17:32, Nathan Bossart wrote:
> Since MD5 passwords are slated to be marked as deprecated in v18, I figured
> it might be a good idea to add a check for roles with MD5 passwords to
> pg_upgrade. I'm tempted to suggest that we apply this to v18, but I'm
> content to leave it for v19 if nobody feels too strongly about it.

I tend to think pg_upgrade should stick to checking things that are necessary
for the upgrade to succeed. It shouldn't start being an interactive portal
to the release notes for aspects that are merely recommendations. I'm not
necessarily against having such a facility somewhere. But not everyone uses
pg_upgrade, and not every user of pg_upgrade reads all the messages.

On Wed, Jun 4, 2025 at 10:15:49PM +0200, Peter Eisentraut wrote:
> On 02.06.25 17:32, Nathan Bossart wrote:
> > Since MD5 passwords are slated to be marked as deprecated in v18, I figured
> > it might be a good idea to add a check for roles with MD5 passwords to
> > pg_upgrade. I'm tempted to suggest that we apply this to v18, but I'm
> > content to leave it for v19 if nobody feels too strongly about it.
>
> I tend to think pg_upgrade should stick to checking things that are necessary
> for the upgrade to succeed. It shouldn't start being an interactive portal
> to the release notes for aspects that are merely recommendations. I'm not
> necessarily against having such a facility somewhere. But not everyone uses
> pg_upgrade, and not every user of pg_upgrade reads all the messages.

Yes, combine that with the fact that most people don't see pg_upgrade
output, and the case is even less positive.

--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com

Do not let urgent matters crowd out time for investment in the future.

On Wed, Jun 04, 2025 at 04:46:52PM -0400, Bruce Momjian wrote:
> On Wed, Jun 4, 2025 at 10:15:49PM +0200, Peter Eisentraut wrote:
>> I tend to think pg_upgrade should stick to checking things that are necessary
>> for the upgrade to succeed. It shouldn't start being an interactive portal
>> to the release notes for aspects that are merely recommendations. I'm not
>> necessarily against having such a facility somewhere. But not everyone uses
>> pg_upgrade, and not every user of pg_upgrade reads all the messages.
>
> Yes, combine that with the fact that most people don't see pg_upgrade
> output, and the case is even less positive.

Okay, I'm getting the feeling that we should leave things as-is for v18 and
revisit 0002 (warning every time someone logs in with an MD5 password) down
the road. When we do remove MD5 password support, pg_upgrade will need
this check, but that's probably a few releases away still.

--
nathan

> On 4 Jun 2025, at 22:15, Peter Eisentraut <peter@eisentraut.org> wrote:

> I tend to think pg_upgrade should stick to checking things that are necessary
> for the upgrade to succeed. It shouldn't start being an interactive portal
> to the release notes for aspects that are merely recommendations.

Agreed, I was going to support this warning but this comment convinced me
otherwise. pg_upgrade is messy as it is without tasking it with more use cases.

--
Daniel Gustafsson