I think a "security event driven" change policy would be more effective than an arbitrary change policy driven by a deadline.

LinuxCode asked me about this in #fedora-noc after I mentioned:

"... there is conflicting evidence (one might call it 'opinion' more than evidence) as to whether frequent changes are effective ... just a thought"

The article that precipitated this comment was one published by Bruce Schneier [0]. Again, this is "yet another opinion."

SOURCES:
[0] http://www.schneier.com/blog/archives/2010/11/changing_passwo.html