On Thu, 2015-03-05 at 09:12 -0700, Kevin Fenzi wrote: > * gnome-keyring? gnome-initial-setup and gnome-control-center. See: https://bugzilla.gnome.org/show_bug.cgi?id=735578 https://bugzilla.gnome.org/show_bug.cgi?id=744735 gnome-keyring would need modified if we want to enforce password strength on e.g. every web site the user wants to save a password for... that would probably reduce security overall as it would discourage the user from using gnome-keyring. Note that in upstream bug #735578 I have failed to build consensus on any form of password strength checking, let alone the strict checking that is done by libpwquality, so there is little chance at this point of GNOME upstream adhering to any policy you come up with. The status quo is that if libpwquality is in the PAM stack, as on Fedora, then gnome-initial-setup is broken, and we will probably change gnome-control-center to break as well (by not enforcing the password strength check that PAM will enforce). This is an unfortunate situation that stems from differing requirements. I don't believe a stronger local password makes the user much safer, and have yet to see arguments to the contrary. Michael
Attachment:
signature.asc
Description: This is a digitally signed message part
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
