On 17/02/2017 12:35, Alberto Bursi wrote: > > > On 02/17/2017 12:26 PM, John Crispin wrote: >> >> >> On 17/02/2017 12:16, Dan Lüdtke wrote: >>> Hi David, >>> >>> thanks for the fast response! >>> >>>> On 17 Feb 2017, at 11:54, David Lang <da...@lang.hm> wrote: >>>> But deciding that you know better than the admin of the system is not. >>> >>> Not that I am a fan of telling admins what to do, but do you see any chance >>> that we can get an consistent and enforceable approach to *minimum* >>> requirements, e.g. minimum password length? Maybe by using a configuration >>> variable? Havon only the GUI enforce minimum password length and not the >>> CLI is rather inconsistent (some may say useless or even confusing). >>> >>>> >>>> you don't have any idea what the security environment is for the system, >>>> or why the admin is selecting that password. >>>> >>>> It's not just a busybox thing to allow the root user to select a password >>>> that is shorter than 'recommended', that's normal behavior on *nix systems >>>> and has been for decades, even as the 'recommendations' have changed. >>> >>> I rather see this as a "LEDE" system not a standard *nix system, even >>> though it is based on Linux and runs a Linux kernel. The question is, is >>> this a more a "product" or just another Linux system? >>> >>> "has been for decades" is not a good argument. The others are. But that one >>> is just not. >>> >>> >>> Cheers, >>> >>> Dan >> >> i agree with david lang, i regularly use "a" as a passwd on test units. >> >> John >> > > I don't use a password in test units at all and there is no issue (shows > the warning on login but not much else), so I think the "I need short > passords for testing" is a weak argument here. > > -Alberto >
regardless of you liking my use case or not its still a NAK John _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev