On 17/02/2017 12:35, Alberto Bursi wrote:
>
>
> On 02/17/2017 12:26 PM, John Crispin wrote:
>>
>>
>> On 17/02/2017 12:16, Dan Lüdtke wrote:
>>> Hi David,
>>>
>>> thanks for the fast response!
>>>
>>>> On 17 Feb 2017, at 11:54, David Lang <da...@lang.hm> wrote:
>>>> But deciding that you know better than the admin of the system is not.
>>>
>>> Not that I am a fan of telling admins what to do, but do you see any chance
>>> that we can get an consistent and enforceable approach to *minimum*
>>> requirements, e.g. minimum password length? Maybe by using a configuration
>>> variable? Havon only the GUI enforce minimum password length and not the
>>> CLI is rather inconsistent (some may say useless or even confusing).
>>>
>>>>
>>>> you don't have any idea what the security environment is for the system,
>>>> or why the admin is selecting that password.
>>>>
>>>> It's not just a busybox thing to allow the root user to select a password
>>>> that is shorter than 'recommended', that's normal behavior on *nix systems
>>>> and has been for decades, even as the 'recommendations' have changed.
>>>
>>> I rather see this as a "LEDE" system not a standard *nix system, even
>>> though it is based on Linux and runs a Linux kernel. The question is, is
>>> this a more a "product" or just another Linux system?
>>>
>>> "has been for decades" is not a good argument. The others are. But that one
>>> is just not.
>>>
>>>
>>> Cheers,
>>>
>>> Dan
>>
>> i agree with david lang, i regularly use "a" as a passwd on test units.
>>
>> John
>>
>
> I don't use a password in test units at all and there is no issue (shows
> the warning on login but not much else), so I think the "I need short
> passords for testing" is a weak argument here.
>
> -Alberto
>
regardless of you liking my use case or not its still a NAK
John
_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
