[Pkg-shadow-devel] Bug#304350: always ask for passwords twice - also in critical installations

Holger Levsen <debian@layer-acht.org>, 304350@bugs.debian.org
Tue, 12 Apr 2005 17:10:29 +0200


package: shadow

Hi,

currently, when doing d-i installs with DEBCONF_PRIORITY, root and user
passwords are only asked once (if not preseeded). IMO this is a grave bug, as
this provides no way to detect typos, so users will choose simple passwords.
(Or make typos...)  And it's also different from all password prompting user
interfaces I have seen.

<h01ger> bubulle: are you still of the opinion that it's sane to only ask for
the rootpw once if DEBCONF_PRIORITY=critical ?
<bubulle> h01ger: yes, but, well, my opinion is maybe not what is to be
implemented, after all.... I gave my arguments when this discussion occurred a
while ago, I have no new argument pro or against this.
<h01ger> bubulle: i'm strictly against asking for passwords only once. How to
detect typos that way ? There is no way so people will choose passwords like
"mate" or "123" :-( If you ask for passwords, you have to confirm them. For
critical installation mode, $disabled as a password would be much more
handy :)
<h01ger> bubulle: but we can discuss this nicely at debconf or maybe
linuxtag/karlsruhe already ?
<bubulle> h01ger: Sure. I think that, indeed, this decision is among those
which pertain to the whole d-i team.
<bubulle> As shadow maintainer now (sigh), I will implement what is judged as
most appropriate by the d-i team, as this feature is only used during
installs
<bubulle> [...] I *will* deal with that post-sarge...but, again, after taking
opinions from either the d-i team, or the technical committee, or by starting a
flamew^W discussion in -devel
<h01ger> bubulle: you might even argue that it's a debian decision. as
"ergonomic user interfaces" are demanded by some laws (you are not allowed to
use unergonomic software) and entering a password only once is against all
users' expectations. - even admins have a right for ergonomic software :-) but
i absolutely agree with post-sarge and team-decision.
<bubulle> h01ger: yep, the decision about prompting the root pw twice is a
general design decision, so a "debian" decision (thus, technical committee,
again?)


regards,
 Holger
