On 02/05/2015 01:27 PM, Scott Robbins wrote:
On Thu, Feb 05, 2015 at 12:53:45PM -0700, Chris Murphy wrote:
On Thu, Feb 5, 2015 at 10:36 AM, Brian C. Lane <bcl@xxxxxxxxxx> wrote:
Next to impossible? Really? I've find it easy to come up with passwords
that work.
You think this is easy. Other's don't. It's a condescending,
pointless, and unwinnable argument, and it needs to stop.
You might also look at the CentOS list, which has a high percentage of
people who, y'know, actually use this stuff to make a living. You'll find
that it's overwhelmingly against this.
I don't find any of the arguments against the change to be compelling.
Well, I don't find any of the arguments for a change, that will probably
violate POLA (principle of least astonishment) at all compelling. You're
making the change, it is up to you to justify.
This reminds me of the time when they wanted packagekit to allow any user
to upgrade any package--even now, any user can upgrade any installed,
signed package--and they were going to go through with it till it made the
front page of slashdot.
I have to agree with Chris. I have absolutely no issue with the
installer _warning_ me that the password I chose is (in the INSTALLER's
opinion) weak. The installer should ABSOLUTELY NOT force me to use some
arbitrarily obscure password to satisfy its criteria. I have very good
reasons for using the passwords I choose.
One example: We often have accounts that log in to collect data (e.g.
nagios or rancid) for monitoring purposes or config change deltas. If
the installer suddenly changes the password requirements, then the
existing systems all have to be changed to match, and the monitoring
software also has to be reconfigured. That is truly invasive. I manage
well over 400 systems spread around in three data centers and I have to
change everything because some self-righteous coder thinks my passwords
are inadequate?
All the installer should do is install a functional system. If
something comes up that may be odd, then fine, warn the user about it
but do what the user tells you to do. Leave it up to the system admins
to harden the system if they need to.
We should be
encouraging them to choose stronger passwords and we should remember
that we're not the only people running Fedora.
Yes, but most running Fedora aren't totally inexperienced. Nor for that
matter, are people running Mint or Ubuntu--most have at least some
knowledge of computers, otherwise, they run Windows or OSX.
<soap>
Encouraging is one hell of a lot different than beating them over the
head and not letting them configure the system THE WAY THEY WANT IT
CONFIGURED!
</soap>
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- "You think that's tough? Try herding cats!" -
----------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test