On Tue, 2019-11-26 at 00:34 +0100, Kevin Kofler wrote: > Samuel Sieb wrote: > > Steps 1 - 4 are not benefits, they are workarounds to critical system > > utilities required by this change. I don't understand why this change > > is necessary at all. It only affects local logins and if someone wants > > to have an empty password, why make it so difficult? It's their choice. > > +1, I do not see the point of patronizing our users that way (and it is only > an extra hoop to jump through because they can still readd the nullok), and > find it particularly pointless to make all those error-prone changes to core > system utilities just to make that work. > > > It's not like Fedora has any default logins with empty passwords, the > > user has to make their own. > > That part is actually not entirely true: the live images have no password > set on the liveuser and root accounts. Hence, this change will also break > the live images, unless we add yet another hack to the scriptlets in the > live kickstarts, one that readds the nullok option. IMHO, we already have > too many hacks in the kickstart scriptlets. I gotta say +1 too. I don't buy that there's a significant 'hardening' benefit worth all the effort mentioned in the Change *plus* the additional consequences Kevin and Martin pointed out. At minimum I'd like to see a much more convincing case that people are creating users without passwords without understanding what they're doing. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
