Do you think this is a security risk and if not is it a bad UI decision?

Adam Williamson awilliam at redhat.com
Mon May 6 16:38:47 UTC 2013


On Mon, 2013-05-06 at 11:43 -0400, Rahul Sundaram wrote:
> On 05/06/2013 10:48 AM, Miloslav Trma─Ź wrote:
> 
> > 
> > On Sat, May 4, 2013 at 6:31 AM, Rahul Sundaram wrote:
> >         On 05/04/2013 12:24 AM, Eric Sandeen wrote:
> >                 On the other hand, if it's the right thing to do,
> >                 then it needs to be done for GUI password change
> >                 dialogs and the passwd command should be updated as
> >                 well, for consistency, no?
> >         
> >         
> >         On a related note, Anaconda,  GNOME, KDE etc seems to be
> >         relying on different rules about what an acceptable password
> >         is.  We really need to settle on one library and provide a
> >         consistent way to tweak it.
> > "Everything" (certainly Anaconda and GNOME, not sure about KDE) is
> > supposed to use libpwquality.  Is that not so?
> > 
> 
> They are definitely not enforcing the same rules. 

One obvious area of inconsistency is that some of the tools _warn_ on
weak passwords, and some _block_ on weak passwords. We should
standardize on one or the other of those.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net



More information about the devel mailing list