On Thu, Mar 5, 2015 at 8:41 AM, Adam Jackson <ajax@xxxxxxxxxx> wrote: > On Thu, 2015-03-05 at 00:45 +0100, Kevin Kofler wrote: >> Adam Jackson wrote: >> > * #1412 anaconda password change is causing consternation among the user >> > community please review this policy decision (ajax, 18:24:10) >> > * AGREED: FESCo would like anaconda to turn back on the "double-done" >> > option for Fedora 22. >> >> Thanks! >> >> > Better solutions should be investigated for F23. (ajax, 18:43:33) >> >> What better solutions? What password I pick should be none of the >> installer's business. > > False. It's entirely reasonable for a product to mandate an appropriate > security policy, Ajax, when you say things like this, this is what it sounds like "Hey, nice football you have there. Guess what? I'm gonna TAKE THAT BALL FROM YOU!!" I consider this an invitation to scrimmage. How serious does a random person take a game? You don't really know how seriously they take it, do you? How dirty will they get? Is mud OK? Cuts and scrapes? Elbows to the face? This is why there are rules so both parties know how bad it could get in advance, and know whether the game is worth playing or not. There is no actual game here, because it hasn't been played in something like 30 years. The user has the ball when it comes to their devices. It's completely ceded, the ship has sailed, no one touches this in any meaningful way. The most significant change to password enforcement in this time? Mobile. No lock even required. How about websites? They have a ball sharing program. The rules are clearly stated in advance. I cede that the site has a lot to lose in reputation if my account is breached, and even my friends, family, and the site's customers can be at risk too. So even if I don't like all the rules, I tacitly accept the ultimate authority, and the higher password burden. Their system isn't really my device after all is it? My device? I have the ball. You wanna try and take it away from me? *grin* I'm not daring you or anything. This wasn't my idea. I really don't want to fight. But when you say "appropriate" as an adjective, I hear it as a verb which means to take something away without my permission. And since this game hasn't, to my knowledge, ever been played before, what are the rules? How vicious will it get? Are you really prepared to find out? How well do you take elbows to the face? I think I can take them pretty well. Do you not see the escalating can of worms, just by the choice of language you've selected? It's asking for a fight whether you recognize it or not, whether you intend it or not. Maybe you're just confused. Maybe Anaconda thought I really wasn't that attached to the ball, because they don't get outdoors all that much. But it was all just a simple misunderstanding. No harm done! I think Fedora users are more well grounded than their Windows and OS X counterparts. Apple, Microsoft, Google, they haven't dared to look the user in the eye and suggest the ball isn't theirs when it comes to their own device. Bet they've looked into it. If they were to do what Anaconda just did (and, that's twice now), I'd expect entire new categories of profanity being invented overnight. I'd expect those companies would prefer a zombie apocalypse, hindsight being 20/20 and all. So. Ajax. I see you looking at my ball. Now I understand for legacy/historical reasons, the installer sets the password as a practical matter because there hasn't been a first boot setup program that does this. That's entirely different from a minimum password quality enforcement policy. The best we can do in the area of passwords is make them unnecessary; second best is something like an OpenSCAP application that can run on any DE that helps the sysadmin (who by in large is the single user for the system) do a better job setting strong passwords and disabling risky services, etc. But right now Fedora is being really dissonant, because we're suggesting a fight with the user after decades of giving up on that battle. Really? Why now? Meanwhile, Fedora enables sshd on Server by default. That's opt out, not opt in. By making sshd disabled by default it puts in on par with the password: both become opt in, both states are transparent to the user. You do not get to hand waive about risky services that are silently enabled by default while blaming the user (for their password as well as not disabling a service they didn't know was on in the first place). OK please stop looking at my ball, you're making me nervous. We do have serious problems, and we really need a big picture OS overview for making secure systems the default, and more easily hardening them further. But right or wrong, irrational or not, the way you get possession of this particular ball isn't to take it. You have to make the user hand it to you. If you do this correctly, they will, if it's even necessary. But if you try to take it from them, it will thwart all other efforts. -- Chris Murphy -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct