On Sun, May 5, 2013 at 11:35 AM, Adam Williamson awilliam@redhat.com wrote:
[snip]
Look, please, by all means, calmly discuss the merits of the decision. Just don't bring into question the motivations of its introduction unless you have a damn strong factual basis for doing so.
I maintain an open source project for computational journalists. The intended deployment model is as virtual machines for people who might very well be working, as I often do, in coffee shops with unsecured WiFi and excellent pastries. There are plenty of risks involved already in that milieu, as noted here: http://mashable.com/2013/04/27/hacked-starbucks/
Passwords visible for a significant period of time will essentially render my main modus operandi - installing a virtual machine over the Internet - too risky in public settings. In the long run I need to build a better deployment model anyway, and I'm committed to Fedora going forward on this project for many other reasons. But if I have a vote, my vote is to eliminate password visibility entirely.