Hi Johan,
His point in short: passwords are not all that important any more. All virus spreading and hacking these days is done by sending malicous mails and by visiting malicious sites.
<polemical-mode>If your brother in law doesn't see that the virus argument doesn't apply to the question of whether or not to choose strong passwords maybe he shouldn't be a software developer in the first place.</polemical-mode>
Strong passwords don't protect against viruses, phishing etc. pp., that is true. But having weak passwords opens a plethora of other attack vectors beside that, and as for instance the iTunes hack shows there *are* real-world scenarios where passwords are attacked successfully. Just put an ssh server on a public IP and wait for a day, and you'll see how many.
Regarding the original issue, I don't see where requiring users to enter strong(ish) passwords in the GUI installer at installation time could do any harm except a minor inconvenience for some people. Kickstart is not affected, so automated installs won't break, and on the other hand the use of weak passwords may be reduced a bit by the change. I'm all for it.
Cheers,
Peter.