Guys, I think we should take a breather on both sides; all I did was ask for clarification on why it was implemented. While I appreciate it, there's no need to sympathise with me; I don't have any feelings regarding it. Only that I, as a personal user, do not need it. The original somewhat confrontational/ranty email was by someone else. Maybe replying to that was a bad idea since it may have set the tone for the rest of the conversation.
I think corporate security needs to be prioritised over the slight inconvenience presented to personal users. I think it is okay to be enabled by default. Perhaps a more convenient menu option to turn it off would be nice (but I am not asking for it; maybe I'll get around to it when I have the time).

Peace ✌

On Thu, Jul 25, 2019 at 6:56 PM richard coleman <rcoleman.ascen...@gmail.com> wrote:

> Dave,
>
> There is no attack of any kind in that post. I am sympathizing with
> Avin. While I agree that there are use cases where a *master password*
> feature makes sense, I disagree that it is the *majority* of cases, or
> even applicable to the *majority* of users. Therefore I believe that it
> is *implemented* poorly. If history is any guide there will be plenty
> more users stumbling across this list frustrated and just wanting to
> know how to 'get rid of' or simply 'turn it off'.
>
> So where I wrote sympathy and solutions, you choose to see attacks. I
> think that says more about you than about myself.
>
> If the pgAdmin developers want *nothing* but praise and the occasional
> sterile bug report they should probably stop reading, or shut down this
> list. After all, a link to the redmine bug report page
> <https://redmine.postgresql.org> would suffice for the latter.
>
> Whether writing commercial or open source software, paid or volunteer,
> some people are *not* going to agree with your choices or decisions
> (just as Linus). As long as we are criticizing the software and not the
> people writing it, the software and all of us, end up better for it.
>
> I hope you take the time to think about what I've written,
>
> rik.
>
> On Thu, Jul 25, 2019 at 8:49 AM Dave Page <dp...@pgadmin.org> wrote:
>
>> Richard,
>>
>> On Thu, Jul 25, 2019 at 1:08 PM richard coleman <rcoleman.ascen...@gmail.com> wrote:
>>
>>> Avin,
>>>
>>> I agree, the master password *nonsense* was poorly implemented. I too
>>> wish the developers would rethink it. Until then there is a way to
>>> disable it by setting an option in a config file. I can provide more
>>> details if you would like (or you could look for other more expansive
>>> posts by myself on this topic in the list archives).
>>
>> You've made your feelings known many times now, and we're all well
>> aware of them - just as you are aware that there are legitimate
>> security concerns that caused it to be implemented (that were raised by
>> end users), ones that arguably warrant a medium level CVSS
>> vulnerability score (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N), and
>> other concerns such as allowing a network administrator to enforce
>> security policy that led to the design.
>>
>> Please refrain from any further remarks that disparage the work of
>> people who - in many cases, voluntarily - spend hundreds or thousands
>> of hours of their time developing software that you get to use freely.
>> Constructive feedback and better yet ideas or code are welcome always,
>> but repeated negativity that is borderline ad hominem is not.
>>
>> --
>> Dave Page
>> Blog: http://pgsnake.blogspot.com
>> Twitter: @pgsnake