On Mon, Feb 02, 2015 at 11:31:35PM +0000, Always Learning wrote: > If testing then a one character password is very acceptable to me. Why > should some arrogant nutter impose an arduous ultra secure password when > a simple one character password will suffice ? Who knows the machine, > the deploying environment and the circumstances better ? The user or > some anonymous and arrogant nutter perhaps many thousands of miles (or > kilometers) away ? I'm curious, were you upset when Java (and various other software packages that use SSL) were updated to stop using SSLv3? Surely this would have caused problems with any testing infrastructure that wasn't open to the world that used pre-generated SSL certificates. The decision to disable it was made by the packagers of the software because of security implications. Sure, SSLv3 still works, it's just not secure. It's just some arrogant nutter who thinks that maybe we shouldn't be using it anymore. -- Jonathan Billings <billings at negate.org>