Do you think this is a security risk and if not is it a bad UI decision?

Gregory Maxwell gmaxwell at gmail.com
Sun May 5 05:27:32 UTC 2013


On Sat, May 4, 2013 at 11:06 AM, T.C. Hollingsworth
<tchollingsworth at gmail.com> wrote:
> More to the point, the vast majority of the other software *in Fedora*
> that accepts passwords for any reason hides the passwords as they are
> typed.  If this is really broken (and who knows; neither side has
> really produced much in the way of science), it needs to be fixed in
> GTK (and Qt, and `passwd`, and a bunch of other places), not papered
> over in anaconda.

Without intending to express any support for the change, I do think
it's important to
point out that anaconda is not the same as most of these other cases
because there
is substantial potential for keyboard mapping error. Most of the other
contexts you've
named are on an already running system where its harder to notice that your
keyboard mapping is screwy.

(OTOH, the stakes for a keyboard-remap-password-loss incident couldn't be
lower than during install— at worst you're confused as a result and have to
reinstall, but you don't lose data)


More information about the devel mailing list