On Wed, Dec 2, 2020 at 2:08 PM Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote:
>
> The cracklibs-dict package is ... quite ... comprehensive. It weighs in at
> almost 10MB on disk. Modern password guidance emphasizes length rather than
> complicated checks, and this 10MB payload is increasingly irrelevant. I'd
> like to provide an alternative, using a list of the 10,000 most common
> passwords found in password breeches. This compresses down to about 1k, so
> it's significant space savings, and may result in less user frustration
> while still giving some real protection against the worst choices -- and
> meeting security checklist items like "passwords checked against a
> dictionary".
>
> The problem is that cracklib seems to have a compile-time option for where
> to find its dictionary. cracklib-dicts is already a subpackage, and a
> cracklib-10k-worst or something alternative package could just be a drop-in
> replacement... except of course it would conflict. Is this an okay use of
> Conflicts? If not, what _should_ I do?
>
Each subpackage can have virtual Provides+Conflicts to indicate one
*must* be installed:
Provides: cracklib-dictionaries
Conflicts: cracklib-dictionaries
Then cracklib itself can do the following:
Requires: cracklib-dictionaries
Suggests: cracklib-dicts-10k-worst
And cracklib-dicts-full (replacing old cracklib-dicts) would do the following:
Obsoletes: cracklib-dicts < %{version}-%{release}
Provides: cracklib-dictionaries
Conflicts: cracklib-dictionaries
--
真実はいつも一つ!/ Always, there's only one truth!
_______________________________________________
packaging mailing list -- packaging@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to packaging-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/packaging@xxxxxxxxxxxxxxxxxxxxxxx
