Gordon Messmer
2015-Jul-25 22:00 UTC
[CentOS] Fedora change that will probably affect RHEL
On 07/25/2015 11:45 AM, Jake Shipton wrote:
> I think a better solution to suit both worlds would be to simply have a
> boot flag on the installation media such as maybe
> "passwordcheck=true/false"

https://xkcd.com/1172/

It's practically a law that every time someone's workflow is broken, they request an option to change it. Personally, I'm against it. Putting a weak password into the installer *is* a request for a weak password. There's no reason to request a weak password twice (with a boot arg and a weak password) when the alternative is to graphically represent the password strength and let the user decide.

I don't like the change, but at the same time I do all of my installs with kickstart, and such installs are not affected. Kickstart files can contain a hashed password, and since a hashed password can't be checked, it can't be rejected. Thus, any decision FESCO makes won't affect me at all.
On 07/25/2015 05:00 PM, Gordon Messmer wrote:
> On 07/25/2015 11:45 AM, Jake Shipton wrote:
>> I think a better solution to suit both worlds would be to simply have a
>> boot flag on the installation media such as maybe
>> "passwordcheck=true/false"
>
> https://xkcd.com/1172/
>
> It's practically a law that every time someone's workflow is broken,
> they request an option to change it. Personally, I'm against it.
> Putting a weak password into the installer *is* a request for a weak
> password. There's no reason to request a weak password twice (with a
> boot arg and a weak password) when the alternative is to graphically
> represent the password strength and let the user decide.
>
> I don't like the change, but at the same time I do all of my installs
> with kickstart, and such installs are not affected. Kickstart files can
> contain a hashed password, and since a hashed password can't be checked,
> it can't be rejected. Thus, any decision FESCO makes won't affect me at
> all.

One thing that people don't understand or don't want to address is that most KNOWN instances of a Linux machine being hacked/owned/pwned/taken over (substitute your word here) and then rooted happen because of weak passwords.

It is certainly one's own right (at least in my country) to be completely and utterly stupid with your decision making ... but if you have any paying clients who have information on any machines you manage and said clients' information gets stolen, if you have weak passwords then expect to shell out some cash for your stupid decision making.

Thank God we are not still using the computer code we did in 1991 when Linux started. Changes impact people, but good for us that the code has changed and moved forward.

If people want weak passwords, I guess you can let people have them .. but it is an idiotic thing to do. It is also one that makes you liable if you lose someone's privacy information because of your decision.

That is just MY opinion .. yours may vary.
Thanks,
Johnny Hughes
On 07/26/2015 08:13 AM, Johnny Hughes wrote:
> On 07/25/2015 05:00 PM, Gordon Messmer wrote:
>> On 07/25/2015 11:45 AM, Jake Shipton wrote:
>>> I think a better solution to suit both worlds would be to simply have a
>>> boot flag on the installation media such as maybe
>>> "passwordcheck=true/false"
>>
>> https://xkcd.com/1172/
>>
>> It's practically a law that every time someone's workflow is broken,
>> they request an option to change it. Personally, I'm against it.
>> Putting a weak password into the installer *is* a request for a weak
>> password. There's no reason to request a weak password twice (with a
>> boot arg and a weak password) when the alternative is to graphically
>> represent the password strength and let the user decide.
>>
>> I don't like the change, but at the same time I do all of my installs
>> with kickstart, and such installs are not affected. Kickstart files can
>> contain a hashed password, and since a hashed password can't be checked,
>> it can't be rejected. Thus, any decision FESCO makes won't affect me at
>> all.
>
> One thing that people don't understand or don't want to address is that
> most KNOWN instances of a Linux machine being hacked/owned/pwned/taken
> over (substitute your word here) and then rooted happen because of weak
> passwords.
>
> It is certainly one's own right (at least in my country) to be
> completely and utterly stupid with your decision making ... but if you
> have any paying clients who have information on any machines you manage
> and said clients' information gets stolen, if you have weak passwords
> then expect to shell out some cash for your stupid decision making.
>
> Thank God we are not still using the computer code we did in 1991 when
> Linux started. Changes impact people, but good for us that the code has
> changed and moved forward.
>
> If people want weak passwords, I guess you can let people have them ..
> but it is an idiotic thing to do. It is also one that makes you liable
> if you lose someone's privacy information because of your decision.
>
> That is just MY opinion .. yours may vary.

Gordon, just to make sure you (and others on the list) understand .. I have no issue with your specific post .. I probably should have replied to the OP's mail instead, but yours was the last I read on this thread.