On Thu, Mar 3, 2022 at 4:45 AM Peter Eisentraut <peter.eisentr...@enterprisedb.com> wrote: > > On 02.03.22 16:45, Jonathan S. Katz wrote: > > By that argument, we should have kept "password" (plain) as an > > authentication method. > > For comparison, the time between adding md5 and removing password was 16 > years. It has been 5 years since scram was added.
It's been 7 years since this thread: https://www.postgresql.org/message-id/54dbcbcf.9000...@vmware.com As Jonathan and Stephen and others have said, anyone who wishes to continue using MD5 or other plaintext methods can keep doing that for 5 more years with a supported version of PG. There is no excuse to leave well known, flawed mechanisms in PG16.