On Thu, Jul 23, 2015 at 2:10 PM, Michael Catanzaro <mcatanzaro@xxxxxxxxx> wrote: > On Thu, 2015-07-23 at 20:32 +0100, Richard Turner wrote: >> I enable SSH on my boxes at home just so that I can access them from, >> e.g. my phone. They're on a closed network, so the security risk is >> minimal even with a weak password (I use keys anyway). I'd not want >> to be forced to change my password just because I've enabled SSH. >> Could we not just warn users about their passwords and leave it up to >> them to do something about it instead of enforcing a stronger policy? > > The problem is that you are a very exceptional case, and in the general > case, if the user gets this wrong the box gets owned by bad guys. > So I think for your case, it would be best to not use the sharing panel. OS X lets me use a single number password and login to that user via ssh. No complaints, not even admonishment or recommendation to use a stronger password, and not even a password quality indicator. And statistically, Mac sales are overwhelmingly laptops. So a lot of these are in cafes on unprotected wifi. I'm missing the logic of how either Fedora itself, or Fedora users, are somehow more prone getting owned in lieu of, what a six character minimum compared to apparently no minimum on OS X? -- Chris Murphy -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/desktop
