Re: Heads up - Anaconda 22.17 will enforce 'good' passwords

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2015-01-29 at 07:41 +0800, Ed Greshko wrote:
> On 01/29/15 00:53, Brian C. Lane wrote:
> > This Friday's build of Anaconda will no longer allow you to use 
> > weak passwords and click done twice. In order to promote more 
> > secureish default systems I have increased the password length 
> > required to 8 characters and removed allowing weak (as defined by 
> > libpwquality) passwords.
> > 
> > I *know* this is going to be a bit of a pain to get used to. But 
> > the increased security is worth it. Super simple passwords will no 
> > longer be allowed, but it is still easy to come up with one that 
> > passes the checks. pwgen has lots of suggestions.
> > 
> > And on the bright side, you don't have to click done twice anymore 
> > :)
> > 
> 
> You use the pronoun "I" in your message.  Can we, the community, 
> know if it was a unilateral decision or if it was discussed with 
> others?  If it was discussed with others is there a record of the 
> discussion so we can know the arguments presented?

It was done as a follow-up / alternative to this Change proposal:

https://fedoraproject.org/wiki/Changes/SSHD_PermitRootLogin_no

a lot of the reaction to that was along the lines of 'well, why not 
just make sure the root password is secure', and that got picked up by 
anaconda folks. You can follow the discussion in the devel@ and 
anaconda-devel-list archives.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux