Heads up - Anaconda 22.17 will enforce 'good' passwords
Adam Williamson
adamwill at fedoraproject.org
Thu Jan 29 22:18:45 UTC 2015
On Thu, 2015-01-29 at 15:09 -0700, Chris Murphy wrote:
> On Thu, Jan 29, 2015 at 2:23 PM, Adam Williamson <
> adamwill at fedoraproject.org> wrote:
> > Seriously. Stop this. I have already asked people to stop
> > assigning negative motivations to others without due cause. This
> > is not being excellent to each other.
>
> "Your user password for your computer is arbitrarily unacceptable to
> the Fedora Project" is not being excellent either.
Come on, that's sophistry. You can't interpret code as a personal
insult.
(It's not 'arbitrary', anyway. It's using a well-known and widely-used
password quality library.)
>
> >
> > The anaconda-devel-list discussion couldn't really be clearer
> > about the relationship to the Change proposal - the whole thread
> > was kicked off by the Change owner:
> >
> > https://www.redhat.com/archives/anaconda-devel-list/2015-January/msg00026.html
>
> That change proposal was rejected, so how is it that one of its
> proposed changes has managed to make it through to the installer
> barely two weeks later?
It's not actually something that is part of the Change's scope, but an
alternative way to try and achieve the same goal: the overall thought
process was "well, what the Change proposer really wants is to reduce
the likelihood of compromise via password access to the root account,
but no-one was particularly keen on the approach he proposed, so one
different way to do it is to improve the strength of the root
password". As bcl's mail explicitly says:
https://www.redhat.com/archives/anaconda-devel-list/2015-January/msg00030.html
> The substantive discussion on devel@ was centered on the sshd
> portion, not changes to the installer enabling password quality
> enforcement. That happened on anaconda-devel@ which most Fedora
> users don't even monitor let alone participate. The main notice of
> this change actually occurring happened for the first time in test@
> which arguably most users also don't monitor.
If someone's interested in Fedora development, they need to read the
Fedora development mailing lists. *Any* code change is presumably of
interest to someone, or it wouldn't be done in the first place; this
is not a reason for us to go mailing users@ every time someone commits
to anaconda.
You can argue that the change is significant enough to be a Change, I
guess, though personally I don't think it really is, unless it affects
kickstart installs (in which case people would be surprised at their
kickstarts suddenly not working right any more - but I don't think it
does). It's a bit hard to argue about, though, since one of the things
the Change process appears to be missing is an actual definition of
what should be considered to constitute a 'Change', exactly. It's thus
impossible to declare conclusively that X or Y *must* be a Change,
unless FESCo has stated it or something. You can suggest that it
should be, but it's impossible to make a completely definitive
declaration since there's literally no basis on which you could do
that outside of a formal FESCo vote or something.
https://fedoraproject.org/wiki/Changes/Policy
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
More information about the test
mailing list