Heads up - Anaconda 22.17 will enforce 'good' passwords

[Adam Williamson]

On Wed, 2015-01-28 at 16:05 -0700, Chris Murphy wrote:
> On Wed, Jan 28, 2015 at 9:53 AM, Brian C. Lane <bcl at redhat.com> 
> wrote:
> 
> > I *know* this is going to be a bit of a pain to get used to. But 
> > the increased security is worth it. Super simple passwords will no 
> > longer be allowed, but it is still easy to come up with one that 
> > passes the checks. pwgen has lots of suggestions.
> 
> It's not worth it. It's a PITA. It's security theater. Windows, OS 
> X, Android, iOS - none of these require strong passwords, and the 
> last two don't even require passwords at all. The new password 
> requirement merely exposes the fact we're deficient in other areas 
> of system security, and we're masking that with this insulting baby 
> sitting nonsense.
> 
> Instead of coercion, it's more polite to call the user names 
> (stupid, idiot, moron, imbecile, etc) if they choose weak passwords. 
> Name calling is kinder, more convenient, and honest and capitulation 
> is optional. This password policy is complete utter bullcrap. This 
> doesn't happen on any other OS I use and it pisses me off that 
> Fedora is deciding to do this exactly wrong. It's really that 
> offensive.

Note that just last release, I managed to get g-i-s changed to allow 
'weak' passwords with a warning, in order to be consistent with 
anaconda and initial-setup...so now it'll have to get changed back 
again.

https://bugzilla.gnome.org/show_bug.cgi?id=735578


-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net