Hi,
today, Red Hat Bugzilla forced me to change my password because apparently a password of 9 random alphanumeric+symbol characters (1 symbol, 8 mixed-case alphanumeric) is suddenly no longer considered secure enough. This is absolutely ridiculous for a bug tracker. It is not like that password is for a bank account or for a build system (I believe FAS and thus Koji actually has less stringent password security requirements than that!), so how secure does the password really have to be?
I have generated a new 20-character random password with "pwgen -s 20 1", and that is good enough for Bugzilla (but who knows for how long?), but this is absolutely absurd.
Kevin Kofler