[CentOS] Fedora change that will probably affect RHEL

Sun Jul 26 13:13:19 UTC 2015
Johnny Hughes <johnny at centos.org>

On 07/25/2015 05:00 PM, Gordon Messmer wrote:
> On 07/25/2015 11:45 AM, Jake Shipton wrote:
>> I think a better solution to suite both worlds would be to simply have a
>> boot flag on the installation media such as maybe
>> "passwordcheck=true/false"
> 
> https://xkcd.com/1172/
> 
> It's practically a law that every time someone's workflow is broken,
> they request an option to change it.  Personally, I'm against it.
> Putting a weak password into the installer *is* a request for a weak
> password.  There's no reason to request a weak password twice (with a
> boot arg and a weak password) when the alternative is to graphically
> represent the password strength and let the user decide.
> 
> I don't like the change, but at the same time I do all of my installs
> with kickstart, and such installs are not affected. Kickstart files can
> contain a hashed password, and since a hashed password can't be checked,
> it can't be rejected.  Thus, any decision FESCO makes won't affect me at
> all.

One thing that people don't understand or don't want to address is that
most KNOWN instances of a Linux machine being hacked/owned/pwned/taken
over (substitute your word here) and then rooted happen because of weak
passwords.

It is certainly one's own right (at least in my country) to be
completely and utterly stupid with your decision making ... but if you
have any paying clients who have information on any machines you manage
and said clients information gets stolen, if you have weak passwords
then expect to shell out some cash for your stupid decision making.

Thank God we are not still using the computer code we did in 1991 when
Linux started.  Changes impact people, but good for us that the code has
changed and moved forward.

If people want weak passwords, I guess you can let people have them ..
but it is an idiotic thing to do.  It is also one that makes you liable
if you lose someone's privacy information because of your decision.

That is just MY opinion .. yours may vary.

Thanks,
Johnny Hughes


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20150726/0cff9d2d/attachment-0005.sig>