On Sat, January 31, 2015 05:14, Johnny Hughes wrote: > On 01/30/2015 06:09 PM, Scott Robbins wrote: >> On Fri, Jan 30, 2015 at 11:27:55PM +0000, Marko Vojinovic wrote: >>> On Fri, 30 Jan 2015 14:15:05 -0800 >>> Akemi Yagi <amyagi at gmail.com> wrote: >>>> On Fri, Jan 30, 2015 at 2:04 PM, Scott Robbins >>>> <scottro at nyc.rr.com> >>>> wrote: >>>>>> >>>>>> Centos 7 does that as well. >>>>> Heh, I guess I've used good passwords in my installs then. >>>> >>>> I have to tap it twice all the time. But don't tell this to >>>> anyone! ;-) >>> >>> OP's point is that probably in RHEL8 you won't be able to do even >>> that anymore. >> >> Exactly. There is some complaining going on on the Fedora testing >> list, >> not sure where else one can protest. >> > > Well, protesting here would be meaningless .. as is protesting systemd > here. CentOS-8 will have whatever is in the RHEL-8 source code, > exactly > as it is in that source code minus branding. Just like CentOS-2.1, 3, > 4, 5, and 6. Our goal is to rebuild the source code exactly, bugs and > all. We want all the behaviors and the experience to be identical in > every way. > > If you want to effect change before it gets in RHEL, then Fedora is > the place. If you want to get it changed in CentOS, then buy RHEL > and providing feedback there is the way. We are, by design, exactly > as Red Hat pushes the RHEL source code. > Reading between the lines of the Fedora list discussion leads me to the conclusions that: 1. The password strength decision is driven by RH corporate. 2. There is not going to be any back-off by the developers. 3. This is going to be in RH-8. 4. There is absolutely no rational argument that can be made to anyone alter any of this. 5. Protesting there is evidently meaningless as well. The Fedora Server WG has already asked that this be optionally enforced if it cannot be removed. Answer: No. This change was not discussed, it was announced. There has been zero support for it from the community and a large amount of criticism. All requests for information respecting the rational and evidential support driving he change are met with what can only be described as political doublethink amounting to: See the unrelated discussion on this thread over here; and when you discover that it has nothing to do whatsoever with your request then see that tangential thread over there; and when you persistently return to your original request because there is no answer in either then be told that you are a conspiracy theory nut-case. > On Fri, Jan 30, 2015 at 2:49 PM, Chris Murphy > <lists at colorremedies.com> wrote: > On Fri, Jan 30, 2015 at 1:21 PM, Adam Williamson > <adamwill at fedoraproject.org> wrote: >> On Fri, 2015-01-30 at 12:59 -0700, Chris Murphy wrote: >>> What's the actual, real world, >>> non-imaginary impetus behind the change? >> >> It's exactly what all the list posts I pointed you to say it is. > > Please go find quotes because I just went through them all and I > found: > > "Better security is always a plus." > > "Instead I propose that we increase our minimum password..." > > "In principle I don't disagree with it; But IMO it can not be > a replacement to stronger defaults." > > And that's it. No actual reasons, let alone any data to back it up. > And all three of those statements have flaws which I've already > addressed. > >> I don't know how to stop the conspiracy virus which causes >> people to leap to the conclusion that there's some shadowy >> secret motive behind every change they don't like, but there >> *isn't*. ( Odd, is it not, that Mr. Williamson professes that there is no secret motive but cannot actually provide one when asked. ) The most telling line in the entire thread, for me, is this one: On Fri, 2015-01-30 at 12:59 -0700, Chris Murphy wrote: > When you stop trusting me. I stop trusting you. And that's a > huge problem, and thus far the engineering types are looking > at this with narrow vision, it's 2 more key presses. They > aren't looking at this at all from the perspective of its > connotation. Personally, from the outside looking in, this all smells of a pointy haired boss directive that the devs are trying to cover their collective asses from. Of course, my corporate days are long behind me so perhaps things have changed. Equally it could be simple incompetence by highly strung people that do not like being criticised for an ill-considered hasty decision but who actually have no evidence to support it. I have to go off now and find a nice bone bed to lie down in; and fossilize. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3