Re: Weak password madness is back again

2017-01-22 Thread stan
On Mon, 23 Jan 2017 02:24:04 + (UTC) Ben Boeckel wrote: > On Sun, 22 Jan, 2017 at 23:36:48 GMT, Ben Boeckel wrote: > > > Sorry for the necro; I apparently had a message queued up on this > machine that I had forgotten about. No problem. A word to the wise is welcome.

Re: Weak password madness is back again

2017-01-22 Thread Ben Boeckel
On Sun, 22 Jan, 2017 at 23:36:48 GMT, Ben Boeckel wrote: Sorry for the necro; I apparently had a message queued up on this machine that I had forgotten about. --Ben

Re: Weak password madness is back again

2017-01-22 Thread Ben Boeckel
On Tue, 11 Oct, 2016 at 18:25:03 GMT, stan wrote: > "you are a good girl" or variation. Does she have a favorite passage > in a book she reads? Beware common phrases; they are part of the "dictionaries" used by password crackers these days (particularly memorable quotes from movies, books (especi

Re: Weak password madness is back again

2016-10-11 Thread stan
On Tue, 11 Oct 2016 08:35:35 + Zbigniew Jędrzejewski-Szmek wrote: > On Tue, Oct 11, 2016 at 09:15:12AM +0200, Björn Persson wrote: > > Zbigniew Jędrzejewski-Szmek wrote: > > > Yes. The hint that "this passphrase is weak" is very useful. But > > > enforcing any policy is just too inflexible

Re: Weak password madness is back again

2016-10-11 Thread Zbigniew Jędrzejewski-Szmek
On Tue, Oct 11, 2016 at 09:15:12AM +0200, Björn Persson wrote: > Zbigniew Jędrzejewski-Szmek wrote: > > Yes. The hint that "this passphrase is weak" is very useful. But > > enforcing any policy is just too inflexible. I just tried to explain > > (unsuccessfully) to a kid (2nd grade, so any "strong

Re: Weak password madness is back again

2016-10-11 Thread Zbigniew Jędrzejewski-Szmek
On Mon, Oct 10, 2016 at 11:56:38AM -0500, Michael Catanzaro wrote: > On Mon, 2016-10-10 at 16:17 +, Zbigniew Jędrzejewski-Szmek wrote: > > (In addition, typing "password" in the gnome search box does *not* > > lead to something that allows you to change your password, one needs > > to search fo

Re: Weak password madness is back again

2016-10-11 Thread Björn Persson
Zbigniew Jędrzejewski-Szmek wrote: > Yes. The hint that "this passphrase is weak" is very useful. But > enforcing any policy is just too inflexible. I just tried to explain > (unsuccessfully) to a kid (2nd grade, so any "strong" password would > simply be immediately forgotten) why she cannot chan

Re: Weak password madness is back again

2016-10-10 Thread Michael Catanzaro
On Mon, 2016-10-10 at 16:17 +, Zbigniew Jędrzejewski-Szmek wrote: > (In addition, typing "password" in the gnome search box does *not* > lead to something that allows you to change your password, one needs > to search for "users" instead…, but that's another story. If somebody > from the gnome

Re: Weak password madness is back again

2016-10-10 Thread Zbigniew Jędrzejewski-Szmek
On Sat, Oct 08, 2016 at 02:29:20PM +0200, Kevin Kofler wrote: > Michael Catanzaro wrote: > > The status quo is that we are not in compliance with FESCo's policy > > [1], which clearly applies to all tools that change passwords and not > > just anaconda, but we can't change anything in GNOME until l

Re: Weak password madness is back again

2016-10-10 Thread Tomas Mraz
On Pá, 2016-10-07 at 11:58 -0500, Michael Catanzaro wrote: > On Fri, 2016-10-07 at 18:07 +0200, Hans de Goede wrote: > > > > Suggested fix if you "shell out to passwd" in g-c-c, then why not > > also do this in g-i-s presumably you can share the code then and > > have less security sensitive code

Re: Weak password madness is back again

2016-10-08 Thread Kevin Kofler
Michael Catanzaro wrote: > The status quo is that we are not in compliance with FESCo's policy > [1], which clearly applies to all tools that change passwords and not > just anaconda, but we can't change anything in GNOME until libpwquality > stops blocking weak passwords via its PAM module, since

Re: Weak password madness is back again

2016-10-08 Thread Kevin Kofler
Tomas Mraz wrote: > The only place where the password strength check should not be > overridable is when a regular user tries to change his own password. No, even that should not happen unless the local administrator explicitly opted to enforce some such policy (and the exact policy to enforce is

Re: Weak password madness is back again

2016-10-07 Thread Hans de Goede
Hi, On 07-10-16 18:58, Michael Catanzaro wrote: On Fri, 2016-10-07 at 18:07 +0200, Hans de Goede wrote: Suggested fix if you "shell out to passwd" in g-c-c, then why not also do this in g-i-s presumably you can share the code then and have less security sensitive code to worry about? When you

Re: Weak password madness is back again

2016-10-07 Thread Michael Catanzaro
On Fri, 2016-10-07 at 18:07 +0200, Hans de Goede wrote: > Suggested fix if you "shell out to passwd" in g-c-c, then why not > also do this in g-i-s presumably you can share the code then and > have less security sensitive code to worry about? When you do > make sure you run passwd as root (from g-

Re: Weak password madness is back again

2016-10-07 Thread Adam Williamson
On Fri, 2016-10-07 at 16:17 +0200, Tomas Mraz wrote: > On Pá, 2016-10-07 at 15:56 +0200, Hans de Goede wrote: > > Hi, > > > > So 2 devel cycles ago we had this whole discussion > > about how forcing people to choose strong passwords in anaconda > > was making life hard for testers / test-installs

Re: Weak password madness is back again

2016-10-07 Thread Hans de Goede
Hi, On 07-10-16 18:03, Adam Williamson wrote: On Fri, 2016-10-07 at 15:56 +0200, Hans de Goede wrote: Hi, So 2 devel cycles ago we had this whole discussion about how forcing people to choose strong passwords in anaconda was making life hard for testers / test-installs and this decision was re

Re: Weak password madness is back again

2016-10-07 Thread Hans de Goede
Hi, On 07-10-16 17:42, Michael Catanzaro wrote: On Fri, 2016-10-07 at 15:56 +0200, Hans de Goede wrote: So can we get this fixed please, or do we need to escalate this all the way up to FESCo again? Hi, The status quo is that we are not in compliance with FESCo's policy [1], which clearly a

Re: Weak password madness is back again

2016-10-07 Thread Adam Williamson
On Fri, 2016-10-07 at 15:56 +0200, Hans de Goede wrote: > Hi, > > So 2 devel cycles ago we had this whole discussion > about how forcing people to choose strong passwords in anaconda > was making life hard for testers / test-installs and this > decision was reverted. > > So now here I'm doing a F

Re: Weak password madness is back again

2016-10-07 Thread Chris Murphy
On Fri, Oct 7, 2016 at 9:42 AM, Michael Catanzaro wrote: > But there is one more issue. FESCo's policy actually requires that only > admin users (wheel users, including the initial user account) would be > able to set weak passwords, and that unprivileged users should be > blocked from doing so.

Re: Weak password madness is back again

2016-10-07 Thread Chris Murphy
On Fri, Oct 7, 2016 at 8:17 AM, Tomas Mraz wrote: > On Pá, 2016-10-07 at 15:56 +0200, Hans de Goede wrote: >> Hi, >> >> So 2 devel cycles ago we had this whole discussion >> about how forcing people to choose strong passwords in anaconda >> was making life hard for testers / test-installs and this

Re: Weak password madness is back again

2016-10-07 Thread Michael Catanzaro
On Fri, 2016-10-07 at 15:56 +0200, Hans de Goede wrote: > So can we get this fixed please, or do we need to escalate > this all the way up to FESCo again? Hi, The status quo is that we are not in compliance with FESCo's policy [1], which clearly applies to all tools that change passwords and not

Re: Weak password madness is back again

2016-10-07 Thread Hans de Goede
Hi, On 07-10-16 16:17, Tomas Mraz wrote: On Pá, 2016-10-07 at 15:56 +0200, Hans de Goede wrote: Hi, So 2 devel cycles ago we had this whole discussion about how forcing people to choose strong passwords in anaconda was making life hard for testers / test-installs and this decision was reverted

Re: Weak password madness is back again

2016-10-07 Thread Tomas Mraz
On Pá, 2016-10-07 at 15:56 +0200, Hans de Goede wrote: > Hi, > > So 2 devel cycles ago we had this whole discussion > about how forcing people to choose strong passwords in anaconda > was making life hard for testers / test-installs and this > decision was reverted. > > So now here I'm doing a F2