• Re: Bug#998408: "good password" advice in installer is still bad two ye

    From Brian Potkin@21:1/5 to Philip Hands on Thu Sep 7 23:30:01 2023
    On Thu 07 Sep 2023 at 01:27:23 +0200, Philip Hands wrote:

    Jonathan Kamens <jik@kamens.us> writes:

    Oh, I see now that the fact that the installer shouldn't recommend
    changing one's password regularly was also reported previously, in bug #868869.

    Also, in #656509 (in which Cyril states that the effort of translating a
    new message outweighs the importance of the change).

    I've no idea if that justification for inaction still stands, but I
    thought this would make a nice little example for the use of the
    salsa-CI pipeline (and my branch2repo variant of that), so here's an MR:

    https://salsa.debian.org/installer-team/user-setup/-/merge_requests/7

    and here's a screenshot of what the change looks like:

    https://openqa.debian.net/tests/185853#step/passwords/1

    I'm not 100% happy with the wording (and the underlines around 'should'
    need to go) so I'm very likely to tweak it tomorrow.

    Suggestions for improvement welcome, although be aware that given the
    resistance to fixing this in the past, it's always possible such a
    change will also be deemed unjustified now.

    I think it's probably about time we fixed it, since even the civil
    servants in the UK have stopped recommending password changes by now,
    and they tend to make such changes at least a decade late. ;-)

    The password strength advice in d-i has been there from the year dot.
    Irrespective of what GCHQ and others say now, it was a load of nonsense
    then and remains so.

    The vast majority of users ignore it; some might schedule a password
    change at the same time they change the locks on all outside doors of
    their residence or on their cars.

    Debian has no need to offer password advice (as opposed to root vs sudo).
    So leave it there as a historical oddity or delete the d-i advice. The
    latter route does not involve anyone in any great effort to maintain
    the status quo.

    --
    Brian.
