On Thu, 21 Dec 2017 10:10:30 -0500
Michael Orlitzky <m...@gentoo.org> wrote:

> The "cracklib" USE flag has long (since 2007ish) been enabled by
> default for all profiles. But, the features that it provides are not
> critical for any of the packages that use it: typically, the library
> is used to evaluate a candidate password and to prevent the user from
> choosing a weak one.
> Since the flag is not critical, and because we now have per-package
> USE defaults, this commit removes it from base/make.defaults.
> Closes: https://bugs.gentoo.org/635698

As there:

So as to recap that lengthy discussion of the pros and cons of having
cracklib protect people from using bad passwords by default, to you it
does "not look critical". I can't even tell what you mean by that. I
guess you were picking low hanging fruits and thought you might start
some spring cleaning? Because that's the only thing I can make of this
change: it's old so it's probably useless.

Let me (easily) counter that by stating that having cracklib in place
makes people pick better passwords. Especially the brand new Linux
users we see so many of might benefit from a default mechanism that
helps them make better security choices, but I am sure even advanced
users and systems administrators might set a "temporary" POC password
"quickly" and then later see their systems go into production without a
second thought about using stronger passwords.

Please close that bug report.

Kind regards,

Reply via email to