On Mon, Feb 16, 2015 at 9:18 AM, Miloslav Trmač <mitr(a)redhat.com> wrote:
All of these attempts to change the policy, and individual one-line
patches, show there is a fairly high perceived need to do “something”; our default setup
just isn’t so good that we can confidently leave it unchanged.
And, we actually _could_ improve both the security and usability of the system, with some
We could detect whether a system being installed is a VM. (And someone smarter than me
could maybe figure out a way to test whether a VM is behind local NAT, i.e. a personal or
testing machine, or bridged to a larger network.)
We could disable ssh on interactive installations (if you are installing interactively
you will also run firstboot interactively and can log in interactively and enable ssh
interactively) and enable it on kickstart installations (while still having interactive
installations record a kickstart that disables ssh).
We could figure out a reasonable rate limiting policy for ssh, and depend on it to allow
Ultimately, we could fix the LUKS/system login dual password situation.
And I’m sure there are many other possible improvements.
All of this just takes a willingness to look at a dozen components at a time instead of
at a single one, and a willingness to write patches that sum up to thousand lines instead
of a single five-line patch. Now only if there were anyone able and willing to take this
on; I will ask around but so far I don’t know of anyone with too much free time on their
This is exactly the more important issue that the password change
distracts from. And my objection is, this state of affair hasn't been
presented to the wider community along with the commensurate request
for a change in password policy as a necessary consequence.
In the meantime, there's this distracting resistance to the pw quality
change. Workstation WG has expressed a desire to opt out of this
change. And before the change was announced, in a recent Server SIG
meeting one person suggested longer passwords might be acceptable but
not more complex ones. Therefore it's plausible two product WG's will
express dislike for the change and may even opt out of it. And then
what? What's next?
Assuming admonishing and coercing is ever OK, I'd sooner do it in
favor of cooperation and cohesiveness in Fedora as an OS, rather than
against a scant number of stubborn users who can't take a hint
(literally) about their password quality. The former is a boulder, the
latter is a pebble, but moving that boulder is the real deal by which
eventually we could move mountains. Moving a pebble? It's a
aggravation for essentially zero gain. I think it's silly (and