On Sat, January 31, 2015 05:14, Johnny Hughes wrote:

> On 01/30/2015 06:09 PM, Scott Robbins wrote:
>> On Fri, Jan 30, 2015 at 11:27:55PM +0000, Marko Vojinovic wrote:
>>> On Fri, 30 Jan 2015 14:15:05 -0800
>>> Akemi Yagi <amyagi at gmail.com> wrote:
>>>> On Fri, Jan 30, 2015 at 2:04 PM, Scott Robbins
>>>> <scottro at nyc.rr.com> wrote:
>>>>>>
>>>>>> Centos 7 does that as well.
>>>>> Heh, I guess I've used good passwords in my installs then.
>>>>
>>>> I have to tap it twice all the time. But don't tell this to
>>>> anyone! ;-)
>>>
>>> OP's point is that probably in RHEL8 you won't be able to do even
>>> that anymore.
>>
>> Exactly. There is some complaining going on on the Fedora testing
>> list, not sure where else one can protest.
>>
>
> Well, protesting here would be meaningless .. as is protesting systemd
> here. CentOS-8 will have whatever is in the RHEL-8 source code, exactly
> as it is in that source code minus branding. Just like CentOS-2.1, 3,
> 4, 5, and 6. Our goal is to rebuild the source code exactly, bugs and
> all. We want all the behaviors and the experience to be identical in
> every way.
>
> If you want to effect change before it gets in RHEL, then Fedora is
> the place. If you want to get it changed in CentOS, then buy RHEL
> and providing feedback there is the way. We are, by design, exactly
> as Red Hat pushes the RHEL source code.

Reading between the lines of the Fedora list discussion leads me to the conclusions that:

1. The password strength decision is driven by RH corporate.
2. There is not going to be any back-off by the developers.
3. This is going to be in RH-8.
4. There is absolutely no rational argument that can be made to anyone to alter any of this.
5. Protesting there is evidently meaningless as well.

The Fedora Server WG has already asked that this be optionally enforced if it cannot be removed. Answer: No. This change was not discussed, it was announced.

There has been zero support for it from the community and a large amount of criticism. All requests for information respecting the rationale and evidential support driving the change are met with what can only be described as political doublethink amounting to: See the unrelated discussion on this thread over here; and when you discover that it has nothing to do whatsoever with your request then see that tangential thread over there; and when you persistently return to your original request because there is no answer in either then be told that you are a conspiracy theory nut-case.

> On Fri, Jan 30, 2015 at 2:49 PM, Chris Murphy
> <lists at colorremedies.com> wrote:
> On Fri, Jan 30, 2015 at 1:21 PM, Adam Williamson
> <adamwill at fedoraproject.org> wrote:
>> On Fri, 2015-01-30 at 12:59 -0700, Chris Murphy wrote:
>>> What's the actual, real world,
>>> non-imaginary impetus behind the change?
>>
>> It's exactly what all the list posts I pointed you to say it is.
>
> Please go find quotes because I just went through them all and I
> found:
>
> "Better security is always a plus."
>
> "Instead I propose that we increase our minimum password..."
>
> "In principle I don't disagree with it; But IMO it can not be
> a replacement to stronger defaults."
>
> And that's it. No actual reasons, let alone any data to back it up.
> And all three of those statements have flaws which I've already
> addressed.
>
>> I don't know how to stop the conspiracy virus which causes
>> people to leap to the conclusion that there's some shadowy
>> secret motive behind every change they don't like, but there
>> *isn't*.

( Odd, is it not, that Mr. Williamson professes that there is no secret motive but cannot actually provide one when asked. )

The most telling line in the entire thread, for me, is this one:

On Fri, 2015-01-30 at 12:59 -0700, Chris Murphy wrote:

> When you stop trusting me. I stop trusting you. And that's a
> huge problem, and thus far the engineering types are looking
> at this with narrow vision, it's 2 more key presses. They
> aren't looking at this at all from the perspective of its
> connotation.

Personally, from the outside looking in, this all smells of a pointy haired boss directive that the devs are trying to cover their collective asses from. Of course, my corporate days are long behind me so perhaps things have changed. Equally it could be simple incompetence by highly strung people that do not like being criticised for an ill-considered hasty decision but who actually have no evidence to support it.

I have to go off now and find a nice bone bed to lie down in; and fossilize.

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
> On Jan 31, 2015, at 8:04 AM, James B. Byrne <byrnejb at harte-lyne.ca> wrote:
>
> 1. The password strength decision is driven by RH corporate.

So who do you believe is driving RH corporate? Why are they expending the effort to do this?

The answer is clear to me: general security principles. By the time EL8 comes out, we'll have had ~3 years of warnings under EL7 that weak passwords would not be tolerated, and they're finally disallowing them. Good!

(More like 6 years, actually, because EL6 gives a red warning bar for weak passwords.)

Let's flip it around: what's your justification *for* weak passwords?

We use them here temporarily during setup, but we lock the system down with a secure unique password before deployment. Switching to something more secure really is not that burdensome.

> 2. There is not going to be any back-off by the developers.

Why would there be? The trend in security is clear: keep up or get run over.

The only question is how quickly forward we proceed, not which direction "forward" is.

RHEL has been moving forward pretty darn slowly. The current system in EL7 allows *appallingly* bad passwords. Passwords that can be cracked in reasonable time scales even with SSH's existing rate-limiting.

> 4. There is absolutely no rational argument that can be made to anyone
> to alter any of this.

That could be because there is no rational reason.

Got one? Lay it on me. Please include a description of the threat model where a password like byrnej123 should be allowed, which *is* allowed in EL7, as long as root is setting it and says "Yes, I really am sure I want such a dreadfully easy to crack password."

> 5. Protesting there is evidently meaningless as well.

While I've got the floor, I would like to encourage everyone to send mail to god at universe.org to protest tomorrow's sunrise.

Rationale: Melanoma is bad.

> This change was not discussed

Hmm, yes, let's hold public committee hearings for every technical change. The resulting bureaucratic mire will surely usher in the Year of Linux!

> ( Odd, is it not, that Mr. Williamson professes that there is no
> secret motive but cannot actually provide one when asked. )

What secret motive *could* there be?? The current security policy is weak, and this change fixes that. End of story.
On Mon, February 2, 2015 4:17 pm, Warren Young wrote:

>> On Jan 31, 2015, at 8:04 AM, James B. Byrne <byrnejb at harte-lyne.ca>
>> wrote:
>>
>> 1. The password strength decision is driven by RH corporate.
>
> So who do you believe is driving RH corporate? Why are they expending the
> effort to do this?
>
> The answer is clear to me: general security principles. By the time EL8
> comes out, we'll have had ~3 years of warnings under EL7 that weak
> passwords would not be tolerated, and they're finally disallowing them.
> Good!
>
> (More like 6 years, actually, because EL6 gives a red warning bar for weak
> passwords.)
>
> Let's flip it around: what's your justification *for* weak passwords?
>
> We use them here temporarily during setup, but we lock the system down
> with a secure unique password before deployment. Switching to something
> more secure really is not that burdensome.
>
>> 2. There is not going to be any back-off by the developers.
>
> Why would there be? The trend in security is clear: keep up or get run
> over.
>
> The only question is how quickly forward we proceed, not which direction
> "forward" is.
>
> RHEL has been moving forward pretty darn slowly. The current system in
> EL7 allows *appallingly* bad passwords. Passwords that can be cracked in
> reasonable time scales even with SSH's existing rate-limiting.
>
>> 4. There is absolutely no rational argument that can be made to anyone
>> to alter any of this.
>
> That could be because there is no rational reason.
>
> Got one? Lay it on me. Please include a description of the threat model
> where a password like byrnej123 should be allowed, which *is* allowed in
> EL7, as long as root is setting it and says "Yes, I really am sure I
> want such a dreadfully easy to crack password."
>
>> 5. Protesting there is evidently meaningless as well.
>
> While I've got the floor, I would like to encourage everyone to send
> mail to god at universe.org to protest tomorrow's sunrise.
>
> Rationale: Melanoma is bad.
>
>> This change was not discussed
>
> Hmm, yes, let's hold public committee hearings for every technical
> change. The resulting bureaucratic mire will surely usher in the Year of
> Linux!
>
>> ( Odd, is it not, that Mr. Williamson professes that there is no
>> secret motive but cannot actually provide one when asked. )
>
> What secret motive *could* there be?? The current security policy is
> weak, and this change fixes that. End of story.

It's hard to not endorse everything you are saying. As far as motive is concerned, it is not that secret. Security. RedHat doesn't like poorly administered machines with RHEL Linux getting hacked, and then many voices saying on the internet: RHEL Linux is not secure, RHEL Linux machines are getting hacked. Even though the reason is not what it sounds like.

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
On Mon, Feb 2, 2015 at 4:17 PM, Warren Young <wyml at etr-usa.com> wrote:
>>
> Let's flip it around: what's your justification *for* weak passwords?
>

You don't need to write them down. Or trust some 3rd party password keeper to keep them. Whereas when 'not weak' is determined by someone else in the middle of trying to complete something, you are very likely to have to write it down.

--
Les Mikesell
lesmikesell at gmail.com
On Mon, 2015-02-02 at 15:17 -0700, Warren Young wrote:

> The answer is clear to me: general security principles. By the time EL8 comes out, we'll have had ~3 years of warnings under EL7 that weak passwords would not be tolerated, and they're finally disallowing them. Good!
>
> (More like 6 years, actually, because EL6 gives a red warning bar for weak passwords.)
>
> Let's flip it around: what's your justification *for* weak passwords?

Wrong point. Wrong focus. Ultimately it is for the deployer (and the user if Root) to determine. To suggest otherwise is pure arrogance.

M$ users do not own their machines. M$ does. M$ determines what they can do and what data M$ secretly collects on them, stores on the machine and prevents the user viewing. Seems like another move towards emulating M$.

If testing then a one character password is very acceptable to me. Why should some arrogant nutter impose an arduous ultra secure password when a simple one character password will suffice? Who knows the machine, the deploying environment and the circumstances better? The user or some anonymous and arrogant nutter perhaps many thousands of miles (or kilometers) away?

Remember machines should be working for the convenience of Humanity - not for the convenience of anonymous nutters who know absolutely nothing about the user's work situation!

Generally having strong passwords is good; however, generalised circumstances should never be forced down the throats of loyal users.

An English (as in England, Europe) saying is:- Rules were made for the guidance of wise men, but for the obedience of fools!

If everyone is willing to donate USD 1, then perhaps we could lend him to M$ where security is so lax he could do some enormous good.

No need to waffle Warren. You've lost this one :-)

--
Regards,
Paul.
England, EU.

Je suis Charlie.