On Fri, 2015-03-06 at 10:52 -0500, David Cantrell wrote:
> I wish a formal distribution and/or per-variant security policy would come
> from FESCo (or a committee directed by FESCo) so we could resolve the
> concerns now and going forward. I don't see the revert decision as being a
> good step in that direction, only because there was really no technical
> discussion or reasoning around it.

Speaking only for myself: yeah, I didn't like it either. I voted against it (asking for a revert) in the 28 February meeting because I was hoping the engineering teams actually involved would be willing to work with each other. That appears not to have happened, which I consider deeply disappointing all around.

There wasn't _no_ technical discussion. Plenty of people were willing to point out that pwquality being overzealous was making it reject passwords that would otherwise have passed on F21, or would be expected to be "sufficiently strong" according to whatever metric. Plenty of people were willing to point out the ways policy might vary here depending on the deployment scenario. But nobody was willing to make those ideas manifest in, you know, code.

So the technical consideration (I felt) we were left with was not "regressing" relative to F21. That is a stunningly weak justification, given that what we're regressing from wasn't especially well-defined and that we change plenty of things in every release, but here we are.

> > FESCO is prepared to work with anaconda and other stakeholders to define
> > security models for the various Fedora products. By clarifying our
> > needs we hope to avoid this kind of contention in the future.
>
> The discussion for this might as well start now -or- at least early enough
> so it's not too late for F-23.

Indeed. I'll bring this back to fesco to find someone to head this up.

- ajax