Do you think this is a security risk and if not is it a bad UI decision?

Pete Travis lists at
Sat May 4 04:54:34 UTC 2013

On Fri, May 3, 2013 at 9:40 PM, M. Edward (Ed) Borasky <znmeb at>wrote:

> I didn't notice this the last time I did an install. But yes, it's a
> *problem* if it does that. I'll upvote or whatever if someone re-opens; I
> do so many installs in coffee shops that I would flat out not use a distro
> that did this!

Regardless of the arguments for either position, whether for ease of use
pseudosecurity or for peace of mind and tradition, I think the above will
be the
from the world at large.  There may be valid and convincing reasons to
obfuscating passwords, but doing so would put Fedora supporters in the
position of
presenting those justifications regularly.

Personally, I think it presents a false sense of security, and any valid
concerns can
easily be rectified by changing the password after installation.  However,
**expect** that security, and the result of removing it will be calamitous.
We'll get
lambasted by the tech press, flamed on user forums, and dejected
head-shaking in
server rooms.  Opportunities to provide a righteous counterargument will be
few and
readily dismissed.

I'll make a small concession here. The demographic most affected by the
I'm describing are casual or inexperienced users, and not part of Fedora's
user base.    Keep in mind that these users are also prospective Fedora
users, and
have the potential to gain experience, become proficient, and perhaps even
active contributors.

People **will** bitch about being able to read the password as they type
it.  "Any
is Good Press" is a bromide that Fedora shouldn't test.

- Pete Travis
 - Fedora Docs Project Leader
 - 'randomuser' on freenode
 - immanetize at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the devel mailing list