FWIW the security team said they were OK with this for the time being; the problem is essentially that (a) very few utilities are available at the point when we need to check this, e.g. not things like cracklib, (b) in the graphical installer, UI constraints require that the password strength be checked on the fly so it needs to be quick. Thus we ended up with the current compromise.
** Package changed: debian-installer (Ubuntu) => user-setup (Ubuntu) ** Changed in: user-setup (Ubuntu) Importance: Undecided => Wishlist ** Changed in: user-setup (Ubuntu) Status: New => Triaged -- Installer does not check if password is strong enough https://bugs.launchpad.net/bugs/423775 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs