On Wed, 2017-12-27 at 09:57 -0500, Michael Orlitzky wrote:
> > 2) What you plan to do to have USE=cracklib enabled by default. Two
> > people suggested you should keep this (one way or another) but instead
> > everyone is now without it enabled by default.
>
> I plan to do nothing, because I think it should be disabled by default
> like all other USE flags. I've CC'ed all of the maintainers who might
> want to add the default to IUSE, and apparently none of them do. The
> hardened project and base-system are also CCed/assigned in case one of
> them wanted to adopt the default.
>
> The base profile is the wrong place to enable USE=cracklib, but there
> are better places. If none of the people in charge of those places want
> to enable the flag, then maybe it should remain disabled.

If USE=cracklib is ever removed from base/make.defaults, then this IUSE default enabling should be done before it is removed for many of the places where it helps password safety, not afterwards when some maintainers happen to see you've done it some months later, after we have dozens of users with "12345" passwords or something.

If you need more opposing, then consider this one, as long as this preparation work isn't done. Just removing it because maintainers didn't get to it in your timeline isn't something I would see as OK.

If you want to make such a base profile change, then I believe you should contact the maintainers and see which one wants it default disabled, and which default enabled; do the default enabled changes and only afterwards you can touch a base default USE flag, otherwise you are making a change to all these maintainers' packages without their consent. It IS an effective change to their package, and you are effectively doing non-maintainer changes to them.

Mart
