--- Comment #7 from Aryeh Gregor <> 2010-11-15 
22:31:10 UTC ---
As I've remarked elsewhere repeatedly and at length, I don't think unprivileged
users should have any password strength requirements.  It hurts them and no one
else if their account is compromised, so they can make the convenience vs.
security decision for themselves.  Ideally, strict password strength
requirements should be imposed on sysops and bots.

But if a wiki did want this anyway, I definitely would say that making
$wgMinimalPasswordLength not prevent login is a blocker.  It's not reasonable
to disable thousands of accounts just because we've strengthened password

(BTW, I tried running a query as root on the toolserver to see how many users
had ' ' as a password, but it's taking an awfully long time.  It's possible to
do, but I doubt it's worth it except for sysops.)

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

Wikibugs-l mailing list

Reply via email to