Do you think this is a security risk and if not is it a bad UI decision?
M. Edward (Ed) Borasky
znmeb at znmeb.net
Sun May 5 18:54:06 UTC 2013
On Sun, May 5, 2013 at 11:35 AM, Adam Williamson <awilliam at redhat.com> wrote:
[snip]
> Look, please, by all means, calmly discuss the merits of the decision.
> Just don't bring into question the motivations of its introduction
> unless you have a damn strong factual basis for doing so.
I maintain an open source project for computational journalists. The
intended deployment model is as virtual machines for people who might
very well be working, as I often do, in coffee shops with unsecured
WiFi and excellent pastries. There are plenty of risks involved
already in that milieu, as noted here:
http://mashable.com/2013/04/27/hacked-starbucks/
Passwords visible for a significant period of time will essentially
render my main modus operandi - installing a virtual machine over the
Internet - too risky in public settings. In the long run I need to
build a better deployment model anyway, and I'm committed to Fedora
going forward on this project for many other reasons. But if I have a
vote, my vote is to eliminate password visibility entirely.
--
Twitter: http://twitter.com/znmeb; Computational Journalism Publishers Workbench
http://j.mp/CompJournBench/
Get out of the building - and don't come back till you have the order!
More information about the devel
mailing list