The cracklibs-dict package is ... quite ... comprehensive. It weighs in at almost 10MB on disk. Modern password guidance emphasizes length rather than complicated checks, and this 10MB payload is increasingly irrelevant. I'd like to provide an alternative, using a list of the 10,000 most common passwords found in password breeches. This compresses down to about 1k, so it's significant space savings, and may result in less user frustration while still giving some real protection against the worst choices -- and meeting security checklist items like "passwords checked against a dictionary". The problem is that cracklib seems to have a compile-time option for where to find its dictionary. cracklib-dicts is already a subpackage, and a cracklib-10k-worst or something alternative package could just be a drop-in replacement... except of course it would conflict. Is this an okay use of Conflicts? If not, what _should_ I do? -- Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> Fedora Project Leader _______________________________________________ packaging mailing list -- packaging@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to packaging-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/packaging@xxxxxxxxxxxxxxxxxxxxxxx
