Comment by johnmaguire

I'm really confused by this interpretation. I see a single comment by the maintainer, saying:

> That mistake was made in the past (#8634), where there was still a lot of usages of a old and announced deprecated method (and even with quite some effort there is).

It was a related, but separate issue, which is perhaps best-described in this upstream issue: https://github.com/python-social-auth/social-core/issues/121...

The "plain" setting jvoison wants to remove is described here: https://security.stackexchange.com/a/218554

I do agree with the maintainer that a discussion is warranted before removing this setting. But I also wouldn't personally have closed the PR while waiting for said discussion to occur - and the maintainer could have created a discussion themselves. They are signaling they don't want this change, full stop.