On Wed, 11 Mar 2009, Lyos Gemini Norezel wrote:

> Mike McGrath wrote:
> > On Wed, 11 Mar 2009, Lyos Gemini Norezel wrote:
> >
> > > Mike McGrath wrote:
> > >
> > > > I think we shouldn't go too far out of our way for people that can't
> > > > follow directions. Harsh? Yes, but what we asked of people was
> > > > incredibly trivial. I'd be fine with asking people to log in but I'd
> > > > think we'll find lots of people find that confusing. Logging in and
> > > > setting your password is a task that has a clear beginning and end. I
> > > > can see people logging in expecting to see further directions and then
> > > > asking "now what"?
> > >
> > > Why tell them at all? If you change it to 'activity shown on account'
> > > (which, IMNSHO, is
> >
> > NSHO? who are you?
>
> *Sigh*...
>
> I did not really wish to reveal this, in public, however, since you asked...
>
> I'm a former blackhat hacker, whom the government has banned from working ANY
> security and/or government job.
>
> Suffice it to say, I understand security (or lack thereof) better than most,
> though I may be rusty/out of date in some areas.
>
> I do not tell you this to brag, I actually regret my past more and more as I
> get older.
> My 'prior life' has bought me more pain than glory.

I discovered long ago there's no glory in what we do. Gotta fight the good
fight just because it's there.

> > > the proper way)... the only reason for having people login will be
> > > immediately obvious via a properly worded email (i.e., "Due to
> > > inactivity on your FAS account, your account will be terminated in
> > > 1 month, unless the following steps are taken...").
> >
> > The only common point of entry for all of our services is the account
> > system and people rarely use it without being asked to so we'll still have
> > to do some emailing.
>
> Aren't pkgdb, koji, bodhi and other services all a part of FAS?
> If I'm right here... then I suspect people are logging into FAS more often
> than you believe.

Not all of them auth in the same way unfortunately and it's not as quick of a
fix as it sounds like.

> > > > We've just got so much else to do I'd hate to spend a lot of time and
> > > > effort to please a few people that can't spend less than a minute a year
> > > > (15 seconds every 2 months) to log in and type their password a couple
> > > > of times and the people that complained couldn't do that.
> > >
> > > Many fail to realize that the same password they used before could be used
> > > again.
> > > Hence the complaints.
> >
> > Ehh, no. Almost no one has complained that they actually had to change
> > their password to something else. And you can be damn sure I'll spell
> > that out explicitly in the next email so everyone gets it.
> >
> > -Mike
>
> As Toshio has already brought up on this list (after I brought it to his
> attention)... people have a tendency to select progressively weaker
> passwords every time they are forced to change one.
>
> So your idea of 'security' is actually INTRODUCING more holes than it's
> plugging.

It's not my idea of security, it's my idea of a task. I just want some
concrete thing that has a beginning, middle, and end for people to do so we can
prune accounts. Logging in and typing your password a couple of times (and
keeping it the same thing). Doesn't sound like it's introducing or removing
any holes.

Sorry to hear you won't be discussing it further.

-Mike