On Tue, 19 Feb 2008 17:28:29 -0500 Bill Nottingham <notting@xxxxxxxxxx> wrote: > David Cantrell (dcantrell@xxxxxxxxxx) said: > > This feature was requested in the RHEL-5 product line, so it only makes > > sense to have it in rawhide. In rawhide, I've modified the root > > password screens in the text and gtk interfaces to let the user select > > the password algorithm. The default is MD5. > > Why not default to whichever is deemed 'most secure', and have it only > frobbable via kickstart for paranoid^Wpower users? I thought about that, but it seems like a reasonable setting to have in the UI. There may be instances where a Fedora users wants to stick with an algorithm other than our default for one reason or another (I have no idea, but there's got to be a reason...copying shadow files among distributions maybe or among different operating systems, using some service that can't--for whatever reason--deal with anything but, say, SHA-256). Also, forcing one particular choice on users seems to go against the whole choice thing in Fedora. I don't think it's wise to take any sides on security issues, especially saying, "we default to X because it's the most secure." It is a battle of not wanting to expose too many choices vs. exposing the choices that make sense. My thought was that if it's only in kickstart, that will annoy Fedora users. They will want the UI method since almost all Fedora users are using the interactive installer. In addition, we get some extra advertisement regarding F-9's secure-isms. Encrypted file systems, more than MD5 for password encodings. Since Linux distribution reviews are only based on the installer anyway, this could help the Fedora image? -- David Cantrell <dcantrell@xxxxxxxxxx> Red Hat / Honolulu, HI
Attachment:
pgp6G7WmzbyMM.pgp
Description: PGP signature
_______________________________________________ Anaconda-devel-list mailing list Anaconda-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/anaconda-devel-list
