FESCO request to revert password confirmation change in F22

Miloslav Trmač mitr at redhat.com
Sat Mar 7 00:19:02 UTC 2015

> On Fri, Mar 06, 2015 at 09:43:33AM -0500, Adam Jackson wrote:
> > As resolved by FESCO in our meeting on 4 March 2015, FESCO requests that
> > anaconda revert a password behaviour change in the UI from F22,
> > restoring the "double-click to confirm weak password" behaviour from F21
> > and earlier.
> From what I'm reading in the meeting logs and the ticket comments, it
> appears the revert decision is basically a temporary solution and a more
> formal security policy will be discussed later.  We had technical arguments
> in favor of the change originally, but I have yet to see technical arguments
> against the change come together in any sort of concrete policy.

There were quite a few use cases that just don’t warrant that strong a password, and where the insistence on a strong password is only annoying.  Even if we completely discounted the Fedora testers, there are personal VMs, and there is Workstation with disabled ssh.  Are these not “technical arguments against the change”?

Sure, they are disconnected and don’t come packaged in a neat distribution-wide policy, but then neither does the anaconda change.

More information about the devel mailing list