On Fri, 2016-10-07 at 15:56 +0200, Hans de Goede wrote: > So can we get this fixed please, or do we need to escalate > this all the way up to FESco again ? Hi, The status quo is that we are not in compliance with FESCo's policy [1], which clearly applies to all tools that change passwords and not just anaconda, but we can't change anything in GNOME until libpwquality stops blocking weak passwords via its PAM module, since we ultimately shell out to passwd to implement that (for auditability). (Actually, I think gnome-initial-setup does not use passwd, but gnome-control-center definitely does, and we are not going to implement different password checking behavior between the two of them.) I informed FESCo of this at the time of their decision, and reminded them in the original ticket a month or two ago. At any rate, it's been this way for several releases now, so I don't want to change anything in F25 this late in the game, but it would be nice to fix in the F26 timeframe. I don't want to work on the PAM module, but if somebody else fixes it, then send me a ping and I'll try to update gnome-initial- setup and gnome-control-center to comply with the policy. But there is one more issue. FESCo's policy actually requires that only admin users (wheel users, including the initial user account) would be able to set weak passwords, and that unprivileged users should be blocked from doing so. Again, this is not currently possible to implement in GNOME, as it requires additional plumbing in at least the PAM module, and probably also in libpwquality proper. Again, I don't plan to work on this, but again, if someone else fixes it then I'm happy to make whatever changes are needed in g-i-s/g-c-c. Michael [1] https://fedoraproject.org/wiki/Passphrase_policy _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
