Dave, There is no attack of any kind in that post. I am sympathizing with Avin. While I agree that there are use cases where a *master password* feature makes sense, I disagree that it is the *majority* of cases, or even applicable to the *majority* of users. Therefore I believe that it is *implemented* poorly. If history is any guide there will be plenty more users stumbling across this list frustrated and just wanting to know how to 'get rid of' or simply 'turn it off'.
So where I wrote sympathy and solutions, you choose to see attacks. I think that says more about you than about myself. If the pgAdmin developers want *nothing* but praise and the occasional sterile bug report they should probably stop reading, or shut down this list. After all, a link to the redmine bug report page <https://redmine.postgresql.org> would suffice for the latter. Whether writing commercial or open source software, paid or volunteer, some people are *not* going to agree with your choices or decisions (just as Linus). As long as we are criticizing the software and not the people writing it, the software and all of us, end up better for it. I hope you take the time to think about what I've written, rik. On Thu, Jul 25, 2019 at 8:49 AM Dave Page <dp...@pgadmin.org> wrote: > Richard, > > On Thu, Jul 25, 2019 at 1:08 PM richard coleman < > rcoleman.ascen...@gmail.com> wrote: > >> Avin, >> >> I agree, the master password *nonsense* was poorly implemented. I too >> wish the developers would rethink it. Until then there is a way to disable >> it by setting an option in a config file. I can provide more details if >> you would like (or you could look for other more expansive posts by myself >> on this topic in the list archives). >> > > You've made your feelings known many times now, and we're all well aware > of them - just as you are aware that there are legitimate security concerns > that caused it to be implemented (that were raised by end users), ones that > arguably warrant a medium level CVSS vulnerability score > (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N), and other concerns such as > allowing a network administrator to enforce security policy that led to the > design. > > Please refrain from any further remarks that disparage the work of people > who - in many cases, voluntarily - spend hundreds or thousands of hours of > their time developing software that you get to use freely. Constructive > feedback and better yet ideas or code are welcome always, but repeated > negativity that is borderline ad hominem is not. > > -- > Dave Page > Blog: http://pgsnake.blogspot.com > Twitter: @pgsnake > >
