[CentOS] Fedora change that will probably affect RHEL

Sun Jul 26 13:15:27 UTC 2015
Johnny Hughes <johnny at centos.org>

On 07/26/2015 08:13 AM, Johnny Hughes wrote:
> On 07/25/2015 05:00 PM, Gordon Messmer wrote:
>> On 07/25/2015 11:45 AM, Jake Shipton wrote:
>>> I think a better solution to suite both worlds would be to simply have a
>>> boot flag on the installation media such as maybe
>>> "passwordcheck=true/false"
>>
>> https://xkcd.com/1172/
>>
>> It's practically a law that every time someone's workflow is broken,
>> they request an option to change it.  Personally, I'm against it.
>> Putting a weak password into the installer *is* a request for a weak
>> password.  There's no reason to request a weak password twice (with a
>> boot arg and a weak password) when the alternative is to graphically
>> represent the password strength and let the user decide.
>>
>> I don't like the change, but at the same time I do all of my installs
>> with kickstart, and such installs are not affected. Kickstart files can
>> contain a hashed password, and since a hashed password can't be checked,
>> it can't be rejected.  Thus, any decision FESCO makes won't affect me at
>> all.
> 
> One thing that people don't understand or don't want to address is that
> most KNOWN instances of a Linux machine being hacked/owned/pwned/taken
> over (substitute your word here) and then rooted happen because of weak
> passwords.
> 
> It is certainly one's own right (at least in my country) to be
> completely and utterly stupid with your decision making ... but if you
> have any paying clients who have information on any machines you manage
> and said clients information gets stolen, if you have weak passwords
> then expect to shell out some cash for your stupid decision making.
> 
> Thank God we are not still using the computer code we did in 1991 when
> Linux started.  Changes impact people, but good for us that the code has
> changed and moved forward.
> 
> If people want weak passwords, I guess you can let people have them ..
> but it is an idiotic thing to do.  It is also one that makes you liable
> if you lose someone's privacy information because of your decision.
> 
> That is just MY opinion .. yours may vary.

Gordon, just to make sure you (and others on the list) understand .. I
have no issue with your specific post .. I probably should have replied
to the OP's mail instead, but yours was the last I read on this thread.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20150726/b1f04601/attachment-0005.sig>