On Thu, Feb 5, 2015 at 10:36 AM, Brian C. Lane <bcl@xxxxxxxxxx> wrote:

> Next to impossible? Really? I've found it easy to come up with passwords
> that work.

You think this is easy. Others don't. It's a condescending, pointless, and unwinnable argument, and it needs to stop.

I tried anaconda 22.17. I failed to produce an acceptable 8 character password, and tolerated a 10 character one to appease the installer, which was promptly forgotten 1/2 an hour later. While humorous, it also pissed me off. That's not a good UX by definition but I know you tend to discard negative UX whenever you disagree with the actions of the user.

> I don't think we should make it act differently. While the change
> request for sshd setup was the initial reason I wrote the changes, I
> think that ALL passwords on the system need to be strong these days.

You keep trying to frame this as weak vs strong passwords, and that's simply wrong. It's a very weak vs weak password difference, yet it comes with a disproportionate burden on the user. Every single device I own, and even ATMs I don't own, have better security and a truly easy UX than this policy proposes.

> I don't find any of the arguments against the change to be compelling.

I also notice how many times you defend this policy change with "I". You find it easy, you think it's needed, you find others' arguments uncompelling. It's just more of the same casting aside of user opinions that you merely disagree with. And disagreement with the opinions of others isn't a defense that withstands scrutiny.

Do you find it conspicuous that in a ~70 email thread no one except you has posted in favor of the change? The strongest statement in favor of it that I've read, other than yours, is from sgallagh, in the Server WG meeting minutes. [1]

16:34:28 <sgallagh> A more reasonable approach would be to just enforce a better root password (not more complex, just longer)

Adamw's hyperbole notwithstanding, his sentiment in that same meeting is compatible with mine: quit job, and buy a yak farm instead of typing long passwords a dozen fking times a day.

I surmise the Server WG would reject the current behavior in 22.17 also due to the (capricious) complexity required, and if so there wouldn't be a misalignment requiring separate behavior between Server and Workstation.

> We should be
> encouraging them to choose stronger passwords and we should remember
> that we're not the only people running Fedora.

Encourage:
- give support and advice to (someone) so that they will do or continue to do something

Coerce:
- persuade (an unwilling person) to do something by using force or threats

22.17 forces me to use a weak instead of very weak password, or I'm disallowed from installing. That behavior meets the definition of coercion, not encouragement.

[1] http://meetbot.fedoraproject.org/fedora-meeting-1/2015-01-13/fedora-meeting-1.2015-01-13-16.00.log.html

--
Chris Murphy