On Wed, 2015-01-28 at 16:05 -0700, Chris Murphy wrote: > On Wed, Jan 28, 2015 at 9:53 AM, Brian C. Lane <bcl@xxxxxxxxxx> > wrote: > > > I *know* this is going to be a bit of a pain to get used to. But > > the increased security is worth it. Super simple passwords will no > > longer be allowed, but it is still easy to come up with one that > > passes the checks. pwgen has lots of suggestions. > > It's not worth it. It's a PITA. It's security theater. Windows, OS > X, Android, iOS - none of these require strong passwords, and the > last two don't even require passwords at all. The new password > requirement merely exposes the fact we're deficient in other areas > of system security, and we're masking that with this insulting baby > sitting nonsense. > > Instead of coercion, it's more polite to call the user names > (stupid, idiot, moron, imbecile, etc) if they choose weak passwords. > Name calling is kinder, more convenient, and honest and capitulation > is optional. This password policy is complete utter bullcrap. This > doesn't happen on any other OS I use and it pisses me off that > Fedora is deciding to do this exactly wrong. It's really that > offensive. Note that just last release, I managed to get g-i-s changed to allow 'weak' passwords with a warning, in order to be consistent with anaconda and initial-setup...so now it'll have to get changed back again. https://bugzilla.gnome.org/show_bug.cgi?id=735578 -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
