On 20 Jan 2022, Mark Phippard wrote:
... my main idea has always been that we put things back the way
they were.
I would be completely in favor of that. The old status quo was
fine: it presented warnings to users at the appropriate moments,
and otherwise let them decide their own threat model, which they
know best.
For those who consider *any* support of plain text passwords to be
a major security problem, you are right: they will not like any of
these solutions, and that's not going to change.
I think the way we already managed the warnings was the right
way to handle this for camp 2. It was just enough warning to make
a
user aware without making it too difficult to use. What we then
need
to do is also add some new compile time option to disable plain
text
passwords. This would give the people in camp 1 an option.
+1 to that plan.
This problem only exists on *nix and the people in camp 1 are
capable
of solving this problem if we give them the tools to do
so. Whereas
the people in camp 2 are less able to solve it themselves. So I
think
our defaults should cater more to camp 2 and we should provide
options
that can be leveraged by camp 1 if they must go that route.
Agreed.
So: shall we just go back to the old way, but with a compile-time option
to remove support for it?
Best regards,
-Karl