On 07/26/2015 08:13 AM, Johnny Hughes wrote:
> On 07/25/2015 05:00 PM, Gordon Messmer wrote:
>> On 07/25/2015 11:45 AM, Jake Shipton wrote:
>>> I think a better solution to suit both worlds would be to simply have a
>>> boot flag on the installation media such as maybe
>>> "passwordcheck=true/false"
>>
>> https://xkcd.com/1172/
>>
>> It's practically a law that every time someone's workflow is broken,
>> they request an option to change it. Personally, I'm against it.
>> Putting a weak password into the installer *is* a request for a weak
>> password. There's no reason to request a weak password twice (with a
>> boot arg and a weak password) when the alternative is to graphically
>> represent the password strength and let the user decide.
>>
>> I don't like the change, but at the same time I do all of my installs
>> with kickstart, and such installs are not affected. Kickstart files can
>> contain a hashed password, and since a hashed password can't be checked,
>> it can't be rejected. Thus, any decision FESCO makes won't affect me at
>> all.
>
> One thing that people don't understand or don't want to address is that
> most KNOWN instances of a Linux machine being hacked/owned/pwned/taken
> over (substitute your word here) and then rooted happen because of weak
> passwords.
>
> It is certainly one's own right (at least in my country) to be
> completely and utterly stupid with your decision making ... but if you
> have any paying clients who have information on any machines you manage
> and said clients' information gets stolen, if you have weak passwords
> then expect to shell out some cash for your stupid decision making.
>
> Thank God we are not still using the computer code we did in 1991 when
> Linux started. Changes impact people, but good for us that the code has
> changed and moved forward.
>
> If people want weak passwords, I guess you can let people have them ..
> but it is an idiotic thing to do. It is also one that makes you liable
> if you lose someone's privacy information because of your decision.
>
> That is just MY opinion .. yours may vary.

Gordon, just to make sure you (and others on the list) understand .. I have no issue with your specific post .. I probably should have replied to the OP's mail instead, but yours was the last I read on this thread.