On Mon, Jul 27, 2015 at 8:06 AM, Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote:
> On Fri, Jul 24, 2015 at 01:01:47PM -0600, Chris Murphy wrote:
>> Mac users less advanced than Fedora users, but Fedora users not body
>> armor. And not just available and suggested, they have to put it on. I
>> just... it's totally baffling to me. I really do not get it.
>
> I guess... I don't feel personally responsible for what happens to the
> Mac users? Why do you feel responsible for the behavior of Fedora users?
>
>> I'm not asking where the fire is, because I'm still waiting for
>> someone to point out the smoke.
>
> I've been a sysadmin for long enough in environments which burned to
> the ground over this. I don't think it's that hard to be _minimally
> responsible_.

Are you saying that best practices were followed in all other ways in those environments, except for password quality?

Why is password quality being targeted rather than the number of ssh attempts being set to e.g. 3 per minute, by default? And does this sufficiently mitigate the concern, and if not, why not?

Whatever minimum quality is arrived at for Fedora 23 will likely be obsolete for Fedora 24, certainly obsolete for Fedora 25. So at least it's annual discussions to raise the minimum password quality. That's how fast the minimum is escalating, once you choose to become responsible for the behavior of others' login passwords.

So no, I don't think it's easy. I think it's easier to choose things that don't require much discussion because they have next to no impact on legitimate usage, even if they take more work to build. At least the work goes into building real defenses rather than arguing about fake ones.

And I think password quality for logins is completely fake - it's a distraction. And I think that because of the example I made previously - Apple doesn't give a crap about password quality and yet that world isn't burning. Why not? Clearly it's not about the password quality enforcement because they have none.

--
Chris Murphy