Donald Stufft <donald <at> stufft.io> writes: > > If you can't maintain a basic level of security on your account maybe > you shouldn't be releasing code for other people to use?
Hey, can you get off your high horses now? > I don't think it's > that hard to remember a 16+ character password that has no other > restrictions besides being 16+ characters. You know, I think people could care less about what *someone else* thinks is hard to remember *for them*. They just want to use the service, not be patronized by some external entity who insists on rectifying their behaviour. Also, the talk about how a broken password can threaten other developers completely misses the big picture. Because even a "strong" password could be obtained in completely different ways, such as e.g. compromising the developers' personal computer. (obligatory reference: http://xkcd.com/538/ ) You seem to be misunderstanding the difference between *providing* security (e.g. HTTPS, better hashes, etc., which is good) and *requiring* security-minded practices (e.g. requiring "strong" passwords), which is a nuisance in many situations. > Hell repeat your original > password twice and there you go (passwords also must be at least > 8 characters). Well, can I use "aaaaaaaaaaaaaaaaaaaaaaaa" too or do I have to use "aAaAaAaAaAaAaAaAaAaAaAaAaAaAaAaA"? If that works, you could disable the restriction right now because it is not securing anything, it's just a "feel-good" restriction for security nerds. Regards Antoine. _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
