On Thu, 2015-01-29 at 07:41 +0800, Ed Greshko wrote: > On 01/29/15 00:53, Brian C. Lane wrote: > > This Friday's build of Anaconda will no longer allow you to use > > weak passwords and click done twice. In order to promote more > > secureish default systems I have increased the password length > > required to 8 characters and removed allowing weak (as defined by > > libpwquality) passwords. > > > > I *know* this is going to be a bit of a pain to get used to. But > > the increased security is worth it. Super simple passwords will no > > longer be allowed, but it is still easy to come up with one that > > passes the checks. pwgen has lots of suggestions. > > > > And on the bright side, you don't have to click done twice anymore > > :) > > > > You use the pronoun "I" in your message. Can we, the community, > know if it was a unilateral decision or if it was discussed with > others? If it was discussed with others is there a record of the > discussion so we can know the arguments presented? It was done as a follow-up / alternative to this Change proposal: https://fedoraproject.org/wiki/Changes/SSHD_PermitRootLogin_no a lot of the reaction to that was along the lines of 'well, why not just make sure the root password is secure', and that got picked up by anaconda folks. You can follow the discussion in the devel@ and anaconda-devel-list archives. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test