Do you think this is a security risk and if not is it a bad UI decision?

Kevin Fenzi kevin at scrye.com
Sat May 4 22:42:58 UTC 2013


On Sat, 4 May 2013 15:22:01 -0700
Dan Mashal <dan.mashal at gmail.com> wrote:

...snip...

> 
> On Sat, May 4, 2013 at 9:35 AM, Adam Williamson <awilliam at redhat.com>
> wrote:
> > http://it.slashdot.org/story/13/05/04/1248242/fedora-19-to-stop-masking-passwords
> >
> > Well, that escalated quickly.
> 
> As it should have.
> 
> So where do we go from here? I think the vast majority of people here
> have agreed that this was wrong. I guess does this now go to FESCo and
> let a few people vote on it?

IMHO, no. 

You posted this on friday afternoon, Rauhl re-opened the bug
friday night. I suspect many anaconda folks have not even seen this
discussion or the bug reopening yet. Is there some massive hurry here?

Lets see what anaconda developers say based on the feedback
and see if they would like to revisit the change or if they still wish
to keep it. Or perhaps they wish more information or feedback. 
Or perhaps they will revisit it and solve it some other way. There's
lots of options there. 

If they do decide to keep the change, you could escalate it to FESCo. 
However, (speaking only for myself here) I would be VERY reluctant to
override maintainers on their packages on something that is a design
decision/judgement call. Where would we draw the line? 
 
> Why can't there  be a wider community approval be able to vote on
> things like this? As I stated earlier there are a list of things that
> have changed without any real widespread community approval.

Fedora isn't a direct democracy, and I don't think such a model would
work well at all. Especially when it comes to how maintainers or
people doing the work spend their time. I think it's great to bring up
things like this and ask they be reconsidered, but mob rule isn't a
good model. 
 
> I kind of feel helpless, and powerless.

I'm sorry to hear it. You brought up discussion, have some patience? 

> Great. I brought the attention to a wider audience and the general
> public and something may or may not get done about it, but what about
> the next UI change I think is ridiculous or the ones I think that
> already are?

Perhaps engage with the folks making those changes and offer to help
out or provide more direct feedback? 
 
> I don't feel like if I filed a bug anything would get done about it
> besides a "too bad" response.
> 
> I'm really lost.

Bugs can and do get things changed, but the ones that do are ones with
well reasoned arguments or citations. 

I'm sure it will work out in the end... :) 

kevin


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20130504/03f9c678/attachment.sig>


More information about the devel mailing list