[CentOS] Fedora change that will probably affect RHEL

Tue Jul 28 19:20:06 UTC 2015
Johnny Hughes <johnny at centos.org>

On 07/28/2015 02:06 PM, Chris Adams wrote:
> Once upon a time, Warren Young <wyml at etr-usa.com> said:
>> Much of the evil on the Internet today — DDoS armies, spam spewers, phishing botnets — is done on pnwed hardware, much of which was compromised by previous botnets banging on weak SSH passwords.
> 
> Since most of that crap comes from Windows hosts, the security of Linux
> SSH passwords seems hardly relevant.
> 
>> Your freedom to use any password you like stops at the point where exercising that freedom creates a risk to other people’s machines.
> 
> Your freedom to dictate terms to me stops at my system, which you cannot
> access even if I set the password to "12345".  You are making an
> assumption that every Fedora/CentOS install is on the public Internet,
> and then applying rules based on that (false) assumption.
> 
> When root can override a password policy after install, forcing a policy
> during install is nothing but stupid and irritating.  Despite what was
> said on the Fedora list, this was an active change taken by anaconda
> developers (to take out the "click again to accept anyway" option), so
> they should expect people to complain to them and be prepared to handle
> the response.
> 

Well, you are welcome to your opinion and Warren is welcome to his.

But in relationship to CentOS Linux, this discussion is completely
irrelevant.

If RHEL releases source code that does not accept weak passwords, then
we will rebuild that source code for CentOS Linux.  If they later change
the source code to add back weak password support, we will rebuild that too.

Whether we like or dislike the policy doesn't matter in the slightest ..
we don't make those kind of choices in CentOS Linux .. we rebuild the
RHEL source code.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20150728/ec4d54b8/attachment-0005.sig>