Heads up - Anaconda 22.17 will enforce 'good' passwords
Adam Williamson
adamwill at fedoraproject.org
Wed Jan 28 23:17:07 UTC 2015
On Wed, 2015-01-28 at 16:05 -0700, Chris Murphy wrote:
> On Wed, Jan 28, 2015 at 9:53 AM, Brian C. Lane <bcl at redhat.com>
> wrote:
>
> > I *know* this is going to be a bit of a pain to get used to. But
> > the increased security is worth it. Super simple passwords will no
> > longer be allowed, but it is still easy to come up with one that
> > passes the checks. pwgen has lots of suggestions.
>
> It's not worth it. It's a PITA. It's security theater. Windows, OS
> X, Android, iOS - none of these require strong passwords, and the
> last two don't even require passwords at all. The new password
> requirement merely exposes the fact we're deficient in other areas
> of system security, and we're masking that with this insulting baby
> sitting nonsense.
>
> Instead of coercion, it's more polite to call the user names
> (stupid, idiot, moron, imbecile, etc) if they choose weak passwords.
> Name calling is kinder, more convenient, and honest and capitulation
> is optional. This password policy is complete utter bullcrap. This
> doesn't happen on any other OS I use and it pisses me off that
> Fedora is deciding to do this exactly wrong. It's really that
> offensive.
Note that just last release, I managed to get g-i-s changed to allow
'weak' passwords with a warning, in order to be consistent with
anaconda and initial-setup...so now it'll have to get changed back
again.
https://bugzilla.gnome.org/show_bug.cgi?id=735578
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
More information about the test
mailing list