On 02.03.22 15:16, Jonathan S. Katz wrote:
I find that a lot of people are still purposely using md5. Removing
it now or in a year would be quite a disruption.
What are the reasons they are still purposely using it? The ones I have
seen/heard are:
- Using an older driver
- On a pre-v10 PG
- Unaware of SCRAM
I'm not really sure, but it seems like they are content with what they
have and don't want to bother with the new fancy stuff.
What I'm proposing above is to start the process of deprecating it as an
auth method, which also allows to continue the education efforts to
upgrae. Does that make sense?
I'm not in favor of starting a process that will result in removal of
the md5 method at this time.