Once upon a time, Warren Young <wyml at etr-usa.com> said: > Much of the evil on the Internet today — DDoS armies, spam spewers, phishing botnets — is done on pnwed hardware, much of which was compromised by previous botnets banging on weak SSH passwords. Since most of that crap comes from Windows hosts, the security of Linux SSH passwords seems hardly relevant. > Your freedom to use any password you like stops at the point where exercising that freedom creates a risk to other people’s machines. Your freedom to dictate terms to me stops at my system, which you cannot access even if I set the password to "12345". You are making an assumption that every Fedora/CentOS install is on the public Internet, and then applying rules based on that (false) assumption. When root can override a password policy after install, forcing a policy during install is nothing but stupid and irritating. Despite what was said on the Fedora list, this was an active change taken by anaconda developers (to take out the "click again to accept anyway" option), so they should expect people to complain to them and be prepared to handle the response. -- Chris Adams <linux at cmadams.net>