> On 14 Nov 2025, at 11:47, Michael Banck <[email protected]> wrote: > while looking through postgresql.conf on PG18, I noticed that > password_encryption mentions md5 as valid alternative to scram-sha-256. > I think it would be useful to mention md5 is deprecated so that people > looking at it (but have otherwise not gotten the memo) will realize and > hopefully act on it.
No objection. I suspect the overlap between users who don't read release notes and users who read .conf.sample comments closely is pretty small, but it certainly won't hurt. -#password_encryption = scram-sha-256 # scram-sha-256 or md5 +#password_encryption = scram-sha-256 # scram-sha-256 or (deprecated) md5 #scram_iterations = 4096 #md5_password_warnings = on Maybe this should be combined with a comment on md5_password_warnings as well? -- Daniel Gustafsson
