Re: FESCO request to revert password confirmation change in F22

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Mar 06, 2015 at 09:43:33AM -0500, Adam Jackson wrote:
> As resolved by FESCO in our meeting on 4 March 2015, FESCO requests that
> anaconda revert a password behaviour change in the UI from F22,
> restoring the "double-click to confirm weak password" behaviour from F21
> and earlier.

>From what I'm reading in the meeting logs and the ticket comments, it
appears the revert decision is basically a temporary solution and a more
formal security policy will be discussed later.  We had technical arguments
in favor of the change originally, but I have yet to see technical arguments
against the change come together in any sort of concrete policy.

I wish a formal distribution and/or per-variant security policy would come
from FESCo (or a committee directed by FESCo) so we could resolve the
concerns now and going forward.  I don't see the revert decision as being a
good step in that direction, only because there was really no technical
discussion or reasoning around it.

> As for how that's realized: I'm not picky.  If it makes more sense from
> a development or maintenance perspective to keep the revert in fedora
> package git rather than rhinstaller upstream, that's fine; if it makes
> more sense to revert upstream as well, that's fine too.

Without an official policy on the matter and only a temporary solution for
now, upstream won't be changing.  Fedora will need to carry this deviation
as a patch in package git for F-22.

> FESCO is prepared to work with anaconda and other stakeholders to define
> security models for the various Fedora products.  By clarifying our
> needs we hope to avoid this kind of contention in the future.

The discussion for this might as well start now -or- at least early enough
so it's not too late for F-23.

Thanks,

-- 
David Cantrell <dcantrell@xxxxxxxxxx>
Manager, Installer Engineering Team
Red Hat, Inc. | Westford, MA | EST5EDT
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux