Heads up - Anaconda 22.17 will enforce 'good' passwords
Matthias Clasen
mclasen at redhat.com
Mon Feb 2 02:53:05 UTC 2015
On Fri, 2015-01-30 at 14:03 -0800, Adam Williamson wrote:
> I think the main point is the one nirik made; I don't think the devs
> agree with your assessment of how significant this is. It's a minor
> inconvenience; you just have to come up with a password that passes
> the check, or use a kickstart. So I don't think they agree that it
> needs a full-blown security audit and FESCo review or whatever,
> because they don't think it's really that huge of a change in
> behaviour.
Having to come up with a password that passes the check is not 'a minor
inconvenience'. Given how capricious libpwquality is about scoring
(there have been some examples in this thread, there are more in
gnome-initial-setup bugs), it is next to impossible.
This discussion has been pretty heated, but I agree with there being
some aspect of 'collective punishment' here: just because _some_ systems
get installed with sshd enabled, all users who install the Workstation
have to spend a couple of frustrating minutes trying to find a password
that gets them past this hurdle.
If this change stays, I anticipate the Workstation WG asking for a way
to the workstation installer not enforce this. I know the anaconda folks
are not eager to add variations like this, but that is exactly what we
need: If you want to enforce product-specific policy in the installer,
it needs to be a product-specific installer.
More information about the test
mailing list