On Mon, Jun 22, 2026 at 9:49 PM Kyotaro Horiguchi <[email protected]> wrote: > In the password authentication case, the authentication > protocol itself does not use MD5, and MD5 password storage is already > warned about when the verifier is created.
Presumably the verifier was created a while back, though, in the case of an upgrade. Personally I think it makes sense to warn whenever the MD5 hash is used to authenticate. No opinion on the patch implementation, though (cc'd Nathan who might?). --Jacob
