Remove trust_identity_server_for_password_resets

[richvdh]

The trust_identity_server_for_password_resets setting was deprecated in Synapse 1.4.0, nearly two years ago. We should remove the legacy code which supports that option.

[richvdh]

recommend refusing to start if this is set, rather than silently changing behaviour for existing deploys.

[anoadragon453]

Sorry to rain on this parade a bit, but @babolivier could you check whether DINUM still rely on this option? I made a linked (private) issue above that suggests that they do.

[H-Shay]

I have a PR up for this but I can leave it in draft until this gets clarified.

[richvdh]

I think we should go ahead with this on synapse mainline anyway. DINUM are still on a fork, so if this is a real problem for them we can patch out the change there.

[babolivier]

DINUM are still on a fork, so if this is a real problem for them we can patch out the change there.

I disagree. We're currently trying very hard to bring DINUM's fork closer to Synapse, or at least to stop it from diverging too much, and creating a new point of divergence would be counter-productive. If we remove it from mainline, I'd rather we make sure it's not going to bite them next time they update.

[babolivier]

@giomfo and I had a look at Synapse's config for DINUM and it looks like it's be all good to get rid of trust_identity_server_for_password_resets 👍