Re: pam settings INSECURE




On Wed, 2009-11-18 at 02:24 -0500, Caleb Cushing wrote:
> > Oh no.  It has been 1 day and my "bug" is not fixed! I must blog about it so
> > the world listens to me...
> 
> also no one has presented a /good/ reason for not fixing it, only
> reasons they don't think it should be fixed. you could do abc or d
> things that I can think of... but no one has said why security
> shouldn't be tighter for kde. what's the negative impact? why aren't
> failed logins being logged right now? why can users login if they have
> an account but no valid shell? seriously? what's the reason that this
> should not be fixed? that there MAY be acceptable alternatives? I
> don't find the GUI option acceptable, because it's too kde specific,
> and (probably) doesn't affect a thing if I change login managers. only
> one of the options you suggest actually does what I need to do... but
> for some reason it didn't take immediate effect when I tried it.
<snip>

Minimal modification of packages. Allow users to choose for themselves
instead of doing work for them. I fail to see the security implications
here for the common user, why would someone want to lock out a user
without deleting the account except a system admin, who presumably would
know what to do and would not need a 'simple one-step process'. I'd
wager most Arch users simply have 1 account they use all the time, and
perhaps a guest account for others to use.

This isn't a security hole, and it isn't the responsibility of Arch devs
to make decisions for the users except in extreme cases.


