FESCo Meeting Minutes (2015-03-04)

Michael Catanzaro mcatanzaro at gnome.org
Thu Mar 5 17:15:01 UTC 2015

On Thu, 2015-03-05 at 09:12 -0700, Kevin Fenzi wrote:
> * gnome-keyring?

gnome-initial-setup and gnome-control-center. See:


gnome-keyring would need modified if we want to enforce password
strength on e.g. every web site the user wants to save a password for...
that would probably reduce security overall as it would discourage the
user from using gnome-keyring.

Note that in upstream bug #735578 I have failed to build consensus on
any form of password strength checking, let alone the strict checking
that is done by libpwquality, so there is little chance at this point of
GNOME upstream adhering to any policy you come up with. The status quo
is that if libpwquality is in the PAM stack, as on Fedora, then
gnome-initial-setup is broken, and we will probably change
gnome-control-center to break as well (by not enforcing the password
strength check that PAM will enforce).

This is an unfortunate situation that stems from differing requirements.
I don't believe a stronger local password makes the user much safer, and
have yet to see arguments to the contrary.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150305/4e0749d4/attachment.sig>

More information about the devel mailing list