On 9/17/19 1:09 PM, Peter Eisentraut wrote:
>> * Client- and server-side encryption for authentication using GSSAPI
>
> This is on the wire encryption, so I don't know why it says client-side
> and server-side. Proposal:
>
> * Encrypted TCP/IP connections using GSSAPI encryption
+1, though I would s/GSSAPI encryption/ with s/GSSAPI authentcation/
> in the major features section, and later
>
> * Add GSSAPI encryption support (Robbie Harwood, Stephen Frost)
Perhaps "* Add encrypted connection support for GSSAPI authentication
(Robbie Harwood, Stephen Frost)"
> This allows TCP/IP connections to be encrypted when using GSSAPI
> authentication without having to set up a separate encryption facility
> like SSL.
+1.
>> * Discovery of LDAP servers if PostgreSQL is built with OpenLDAP
>
> I would remove the "if" part from the major features list, since it's a
> qualification of minor importance. Instead I'd write something like
>
> * Discovery of LDAP servers using DNS SRV
>
> which is a clearer concept that people can easily recognize.
I agree it's clearer, I'm not sure if the OpenLDAP semantic above
changes things? I'm not sure the relative frequency of PostgreSQL being
built with OpenLDAP vs. other LDAP libs.
Regardless, I do like your change and would +1 it.
Would you like me to make a patch for it or are you planning to?
>> * Allow data type name to use non-C collations
>
> I'm not sure why that is listed in the "Migration" section.
>
> It's also a bit confusing as a release note item relative to PostgreSQL
> 11. I believe the changes were that "name" was made collation aware and
> that the collation was set to "C" in the system catalogs (which is a
> separate item later). This group of items could use a reshuffling.
I can't make an informed opinion on this one, so I defer to the experts.
Thanks!
Jonathan