On Thu, 2015-01-29 at 14:01 -0700, Chris Murphy wrote:
> On Wed, Jan 28, 2015 at 5:33 PM, Samuel Sieb <samuel@xxxxxxxx> wrote:
>
> > I just don't understand the reasoning here. Sure, make it very
> > clear that the chosen password is weak. Make me jump through
> > several hoops before accepting the weak password. But it's my
> > computer! Why can't I make the (informed) choice to use a weak
> > password?
>
> What was the reasoning from the Anaconda team the last time they
> tried to enforce a password policy change without consulting anyone
> else about it? It was conjecture. And they didn't ask any security
> experts about the idea in advance then either. Calm, rational
> criticism was met with stubborn condescension from the developers.
> It took a firestorm on devel@ to get them to change their mind.
>
> And this time, once again several people have offered calm, rational
> feedback (on anaconda-devel@) about how this doesn't improve
> security in any meaningful way, but does inhibit testing in a
> meaningful way. But this has been ignored and summarily rejected.
> While consistent with the track record, it's beyond tedious that
> anaconda devs tend to respond better to vinegar than honey.
>
> So, I'm not sure why you'd expect any kind of reasoning to be
> presented for yet another installer security mis-feature that's
> completely orthogonal to the original sshd proposal.

Seriously. Stop this. I have already asked people to stop assigning negative motivations to others without due cause. This is not being excellent to each other. The next person to do this is going into moderation.

I have already explained that the change was made in response to extensive discussion of a proposed Fedora 22 Change:

https://fedoraproject.org/wiki/Changes/SSHD_PermitRootLogin_no

It is not hard to follow this discussion. Just go read the devel@ archives:

https://lists.fedoraproject.org/pipermail/devel/2015-January/206157.html

is the start of the thread

https://lists.fedoraproject.org/pipermail/devel/2015-January/206513.html

is an example of someone not at all involved in anaconda development proposing password strength enforcement

You were involved in that thread yourself, so you *know* this is not just coming from anaconda.

The anaconda-devel-list discussion couldn't really be clearer about the relationship to the Change proposal - the whole thread was kicked off by the Change owner:

https://www.redhat.com/archives/anaconda-devel-list/2015-January/msg00026.html

It is simply and clearly _false_ to claim that "the Anaconda team...tried to enforce a password policy change without consulting anyone else about it?", when the change was in fact discussed on two high-profile public project mailing lists, both threads which you *posted in yourself*. You may not like the change, I don't like it much either, but it's not acceptable to cast entirely insupportable aspersions on the people making it.

--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net