On 5/3/13 10:58 PM, Matthew Garrett wrote:
> On Fri, May 03, 2013 at 08:52:25PM -0700, Dan Mashal wrote:
>> On Fri, May 3, 2013 at 8:51 PM, Matthew Garrett <mjg59@xxxxxxxxxxxxx> wrote:
>>> And if the maintainers feel more than justified in closing it again?
>>> Bugzilla isn't a discussion forum. If you disagree with a deliberate policy
>>> decision, discuss it on an appropriate mailing list.
>>
>> Isn't that what we're doing? That's exactly the point of this email thread.
>
> No, this isn't the most appropriate mailing list for the discussion -
> anaconda-devel-list is a better choice if you want to interact with the
> people who actually work on that code. In any case, I was disagreeing
> with Rahul's assertion that he was justified in re-opening a bug merely
> because he disagreed with a design choice.

Matthew, with all due respect, the tone of the bug doesn't make me think that there is a lot of interest in discussion from the developers. Whether or not bugzilla was the right place to start it, the early discussion went something like this, mostly paraphrased.

Q: This seems to be a bug. My password is visible while I type it. I'm surprised. Is this a bug?
A: It's not a bug. It's intentional. "There's quite a few papers about this right now."
Q: Link?
A: Google it.

At this point things may have turned a bit south.

If there is active research or new thinking on this aspect of security, it should be part of the discussion. If there's precedent, it's worth noting specifically. That's the transparent, open approach.

This isn't about the placement of a widget; this is about someone's password in clear text. It's worth having a broader discussion about the implications. If this had been on the anaconda list, most impacted parties would not have seen it. Speaking for myself, I'm glad it was brought up here.

The principle of least surprise is a good one. I think this change breaks it.

What is the downside to defaulting to a hidden PW, with an opt-in mechanism to display the password as it's typed? The downsides of defaulting to cleartext have been noted, and to me are quite self-explanatory.

On the other hand, if it's the right thing to do, then it needs to be done for GUI password change dialogs and the passwd command should be updated as well, for consistency, no?

-Eric

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel