On Tue, Jun 03, 2025 at 01:38:49PM +0900, Michael Paquier wrote:
> I'm not sure that this is necessary. Only requiring one to use
> --retain sounds kind of enough to me.
Yeah, maybe we should just leave it alone for now.
> Saying that, warning users if they have MD5 passwords is a good idea,
> because we would already have the code in place to flip it to an error
> once/if MD5 is entirely removed. An upgrade failure retains the log
> and dump folders around, meaning that users would be able to know the
> list of users all the time.
Right. I'll bring this up with the others on the RMT today.
--
nathan