On Mon, Aug 21, 2006 at 09:06:01AM +0200, Patrice Dumas wrote: > The cure is not to disallow features, but use right passwords. > If I recall well poor passwords can be set by root, but there > is a warning (at least when set with passwd). Enforcing strong passwords in anaconda might help. (And for root & user passwords even when the tools are run as root -- that's one of the main compromise vectors we see here.) But I think the narrow "I want to ssh in after doing a network install" case is *too* narrow to be a strong argument against not providing this protection to everyone else -- particularly because there's several different ways people in this situation could easily work around it. Systems should be optimized (and doubly so for secured) for the common case wherever they can be without blocking the useful uncommon cases -- as Fedora's ssh can be here. -- Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/> -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
