On Tue, Nov 28, 2023 at 12:24 PM Stephen Frost <sfr...@snowman.net> wrote: > I don’t know what they’re doing now, as you don’t say, and so I really > couldn’t say if ldap is better or worse for them. In some cases, sure, > perhaps ldap is better than … something else,
That's EXACTLY right. You can't say whether LDAP is better or worse in every scenario. And therefore you should not be proposing to remove it. >> I think that is, to borrow a phrase from Tom, arrant nonsense. Sure, >> MD5 authentication has a pass-the-hash vulnerability, and that sucks. > > So, given that we all agree with the CVE-worthy issue that exists with every > release where we include md5 auth, we should be applying for q CVE prior to > each release, no? You know, I said in my previous email that you were so sure that you were right that there was no point in trying to have a serious discussion, and I can't really see how you could have proved that point more thoroughly than you did here. You twisted my words around to make it seem like I was agreeing with your point when you know full well that I was doing the exact opposite of that. Please don't do that. -- Robert Haas EDB: http://www.enterprisedb.com
