| 1 |
On K, 2017-12-27 at 09:57 -0500, Michael Orlitzky wrote: |
| 2 |
> > 2) What you plan to do to have USE=cracklib enabled by default. Two |
| 3 |
> > people suggested you should keep this (one way or another) but |
| 4 |
> instead |
| 5 |
> > everyone is now without it enabled by default. |
| 6 |
> |
| 7 |
> I plan to do nothing, because I think it should be disabled by |
| 8 |
> default |
| 9 |
> like all other USE flags. I've CC'ed all of the maintainers who might |
| 10 |
> want to add the default to IUSE, and apparently none of them do. The |
| 11 |
> hardened project and base-system are also CCed/assigned in case one |
| 12 |
> of |
| 13 |
> them wanted to adopt the default. |
| 14 |
> |
| 15 |
> The base profile is the wrong place to enable USE=cracklib, but there |
| 16 |
> are better places. If none of the people in charge of those places |
| 17 |
> want |
| 18 |
> to enable the flag, then maybe it should remain disabled. |
| 19 |
|
| 20 |
If USE=cracklib is ever removed from base/make.defaults, then this IUSE |
| 21 |
default enabling should be done before it is removed for many of the |
| 22 |
places where it helps password safety, not afterwards when some |
| 23 |
maintainers happen to see you've done it some months later, after we |
| 24 |
have dozens of users with "12345" passwords or something. |
| 25 |
|
| 26 |
If you need more opposing, then consider this one, as long as this |
| 27 |
preparation work isn't done. Just removing it because maintainers |
| 28 |
didn't get to it in your timeline isn't something I would see OK. If |
| 29 |
you want to make such a base profile change, then I believe you should |
| 30 |
contact the maintainers and see which one wants it default disabled, |
| 31 |
and which default enabled; do the default enabled changes and only |
| 32 |
afterwards you can touch a base default USE flag, otherwise you are |
| 33 |
making a change to all these maintainers packages without their |
| 34 |
consent. It IS an effective change to their package, and you are |
| 35 |
effectively doing non-maintainer changes to them. |
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
Mart |
Archives