On Fri, Mar 06, 2015 at 09:43:33AM -0500, Adam Jackson wrote: > As resolved by FESCO in our meeting on 4 March 2015, FESCO requests that > anaconda revert a password behaviour change in the UI from F22, > restoring the "double-click to confirm weak password" behaviour from F21 > and earlier. >From what I'm reading in the meeting logs and the ticket comments, it appears the revert decision is basically a temporary solution and a more formal security policy will be discussed later. We had technical arguments in favor of the change originally, but I have yet to see technical arguments against the change come together in any sort of concrete policy. I wish a formal distribution and/or per-variant security policy would come from FESCo (or a committee directed by FESCo) so we could resolve the concerns now and going forward. I don't see the revert decision as being a good step in that direction, only because there was really no technical discussion or reasoning around it. > As for how that's realized: I'm not picky. If it makes more sense from > a development or maintenance perspective to keep the revert in fedora > package git rather than rhinstaller upstream, that's fine; if it makes > more sense to revert upstream as well, that's fine too. Without an official policy on the matter and only a temporary solution for now, upstream won't be changing. Fedora will need to carry this deviation as a patch in package git for F-22. > FESCO is prepared to work with anaconda and other stakeholders to define > security models for the various Fedora products. By clarifying our > needs we hope to avoid this kind of contention in the future. The discussion for this might as well start now -or- at least early enough so it's not too late for F-23. Thanks, -- David Cantrell <dcantrell@xxxxxxxxxx> Manager, Installer Engineering Team Red Hat, Inc. | Westford, MA | EST5EDT -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
