Heads up - Anaconda 22.17 will enforce 'good' passwords

Chris Murphy lists at colorremedies.com
Thu Jan 29 23:53:59 UTC 2015 

On Thu, Jan 29, 2015 at 4:32 PM, Adam Williamson
<adamwill at fedoraproject.org> wrote:
> On Thu, 2015-01-29 at 16:24 -0700, Chris Murphy wrote:
>>
>> > It's not actually something that is part of the Change's scope,
>> > but an alternative way to try and achieve the same goal: the
>> > overall thought process was "well, what the Change proposer really
>> > wants is to reduce the likelihood of compromise via password
>> > access to the root account, but no-one was particularly keen on
>> > the approach he proposed, so one different way to do it is to
>> > improve the strength of the root
>> > password". As bcl's mail explicitly says:
>> >
>> > https://www.redhat.com/archives/anaconda-devel-list/2015-January/msg00030.html
>>
>> That's not the point at all, which is, is it correct policy to
>> activate a sub-change in a rejected change proposal?
>
> It's *not* a sub-change in a rejected change proposal. It wasn't part
> of the rejected change proposal at all.

That'd seem to make it less appropriate of a change. However, what I'm
drawing on from that proposal is:

Scope
Proposal owners: to communicate with the Fedora maintainers of
packages: Anaconda, OpenSSH, GNOME, etc.
Other developers: packages like Anaconda, GNOME etc. need to update
their workflow to enable compulsory non-root user account creation and
ensure good password strength for it.



>
>> And is it prudent to dig heels in when there's been more negative
>> feedback on that change presented on anaconda-devel@ and test@ than
>> positive? I can't even find positive feedback except from the
>> original change owner.
>
> Um. Take a step back, relax, and look at the timeframe here.
>
> bcl mailed the list *yesterday*. He hasn't posted back to the thread
> since. You should give someone a hell of a lot more than one day
> before you start talking about 'digging heels in'.

Um, you realize that correcthorse is disqualified even though it's
more than 8 characters, right?


>
>> I was thinking of this one
>>
>> http://fedoraproject.org/wiki/Features/Policy/Definitions
>
> that whole thing is obsolete, the Change process replaced the Feature
> process. Nothing with 'Feature' in its URL is current any more.

Is there a bit recycling program?


-- 
Chris Murphy

More information about the test mailing list