On Fri, 2015-01-30 at 14:49 -0700, Chris Murphy wrote:
I just don't see any consideration here except specious statements
like better security is always a plus. That was the summary extent
of the entire decision making process.
Well, no, AFAICS there isn't anything like that. It was a fairly
lightly considered change. The threat it's primarily addressing is
that sshd with password login is enabled out of the box in at least
some of the configurations anaconda deploys, and is therefore
vulnerable to brute force attacks. Secondarily it's about local user
accounts.
I think the main point is the one nirik made; I don't think the devs
agree with your assessment of how significant this is. It's a minor
inconvenience; you just have to come up with a password that passes
the check, or use a kickstart. So I don't think they agree that it
needs a full-blown security audit and FESCo review or whatever,
because they don't think it's really that huge of a change in
behaviour.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net