Bug#868869: debian-installer should not recommend to change password periodically (and more)

2017-07-26 Thread Brian Potkin
On Wed 26 Jul 2017 at 17:00:12 +0100, Miguel Figueiredo wrote: > On 24-07-2017 11:38, Hideki Yamane wrote: > >Hi, > > > >On Sun, 23 Jul 2017 10:49:53 +0200 > >Philipp Kern wrote: > >>It seems to me that today at least the guidance of mixed > >>character classes still makes some

Bug#868869: debian-installer should not recommend to change password periodically (and more)

2017-07-26 Thread Miguel Figueiredo
On 24-07-2017 11:38, Hideki Yamane wrote: Hi, On Sun, 23 Jul 2017 10:49:53 +0200 Philipp Kern wrote: It seems to me that today at least the guidance of mixed character classes still makes some sense as a default, to avoid the most obvious blunder of just using a simple

Bug#868869: debian-installer should not recommend to change password periodically (and more)

2017-07-26 Thread Wouter Verhelst
On Tue, Jul 25, 2017 at 11:14:42PM +0100, Brian Potkin wrote: > It is a nice debating point but I am inclined to go along with this > assessment when it comes to the installer. Nobody takes any notice > of the advice anyway and there are far more important things to > attend to. I'm not sure

Bug#868869: debian-installer should not recommend to change password periodically (and more)

2017-07-26 Thread Wouter Verhelst
On Tue, Jul 25, 2017 at 11:22:19PM +0200, Philipp Kern wrote: > On 07/24/2017 12:38 PM, Hideki Yamane wrote: > > But it also makes administrator to remember it harder as its trade-off... > > (and they maybe choose easy password as a result). It's a not good idea > > to suggests to change root

Bug#868869: debian-installer should not recommend to change password periodically (and more)

2017-07-25 Thread Brian Potkin
On Tue 25 Jul 2017 at 23:22:19 +0200, Philipp Kern wrote: > On 07/24/2017 12:38 PM, Hideki Yamane wrote: > > But it also makes administrator to remember it harder as its trade-off... > > (and they maybe choose easy password as a result). It's a not good idea > > to suggests to change root

Bug#868869: debian-installer should not recommend to change password periodically (and more)

2017-07-25 Thread Philip Hands
Philipp Kern writes: > On 07/24/2017 12:38 PM, Hideki Yamane wrote: >> But it also makes administrator to remember it harder as its trade-off... >> (and they maybe choose easy password as a result). It's a not good idea >> to suggests to change root password periodically,

Bug#868869: debian-installer should not recommend to change password periodically (and more)

2017-07-25 Thread Philipp Kern
On 07/24/2017 12:38 PM, Hideki Yamane wrote: > But it also makes administrator to remember it harder as its trade-off... > (and they maybe choose easy password as a result). It's a not good idea > to suggests to change root password periodically, IMO. It's not a best > practice. I'd say it's

Bug#868869: debian-installer should not recommend to change password periodically (and more)

2017-07-24 Thread Hideki Yamane
Hi, On Sun, 23 Jul 2017 10:49:53 +0200 Philipp Kern wrote: > It seems to me that today at least the guidance of mixed > character classes still makes some sense as a default, to avoid the most > obvious blunder of just using a simple dictionary word and be > compromised over

Bug#868869: debian-installer should not recommend to change password periodically (and more)

2017-07-23 Thread Philipp Kern
On 07/19/2017 01:21 PM, Hideki Yamane wrote: >>> A good password will contain a mixture of letters, numbers and punctuation >>> and should be changed at regular intervals. > > Now debian-installer recommends to change root password periodically, > however, > nowadays it SHOULD NOT. e.g. NIST

Bug#868869: debian-installer should not recommend to change password periodically (and more)

2017-07-19 Thread Hideki Yamane
Package: debian-installer Severity: wishlist Tags: patch Hi, >> A good password will contain a mixture of letters, numbers and punctuation >> and should be changed at regular intervals. Now debian-installer recommends to change root password periodically, however, nowadays it SHOULD NOT. e.g.