On Mon, Jun 02, 2025 at 09:45:55AM -0700, Jeff Davis wrote: > On Mon, 2025-06-02 at 10:32 -0500, Nathan Bossart wrote: >> The one thing I don't like about this check is that it's probably not >> great >> from a security standpoint to effectively announce which roles have >> MD5 >> passwords. > > Do you have a specific concern, or is that more of a general concern?
General. >> One other thing I noticed is that checks that only emit warnings, >> like >> check_for_unicode_update(), require using --retain in order to see >> the >> generated report file. > > Should we automatically retain files associated with warnings, or copy > them to a different location? That seems worth considering. Another option could be to just document that files generated for warnings will be lost without --retain. WDYT? -- nathan
