Michael Catanzaro wrote: > The status quo is that we are not in compliance with FESCo's policy > [1], which clearly applies to all tools that change passwords and not > just anaconda, but we can't change anything in GNOME until libpwquality > stops blocking weak passwords via its PAM module, since we ultimately > shell out to passwd to implement that (for auditability). The right fix there is to just remove the libpwquality PAM module by default. Enabling such a thing should only be done by the local system administrator. > But there is one more issue. FESCo's policy actually requires that only > admin users (wheel users, including the initial user account) would be > able to set weak passwords, and that unprivileged users should be > blocked from doing so. And I agree with Chris Murphy that that policy is utter nonsense. Even if I want to set my password to the empty string, that is my choice. It is a perfectly valid password for some use cases. (For what it's worth, I actually use a non-empty password, but Anaconda considers even that "weak". But I do not want to give more details here, and most definitely not the password itself, for obvious reasons.) Kevin Kofler _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx