1 |
On K, 2017-12-27 at 09:57 -0500, Michael Orlitzky wrote: |
2 |
> > 2) What you plan to do to have USE=cracklib enabled by default. Two |
3 |
> > people suggested you should keep this (one way or another) but |
4 |
> instead |
5 |
> > everyone is now without it enabled by default. |
6 |
> |
7 |
> I plan to do nothing, because I think it should be disabled by |
8 |
> default |
9 |
> like all other USE flags. I've CC'ed all of the maintainers who might |
10 |
> want to add the default to IUSE, and apparently none of them do. The |
11 |
> hardened project and base-system are also CCed/assigned in case one |
12 |
> of |
13 |
> them wanted to adopt the default. |
14 |
> |
15 |
> The base profile is the wrong place to enable USE=cracklib, but there |
16 |
> are better places. If none of the people in charge of those places |
17 |
> want |
18 |
> to enable the flag, then maybe it should remain disabled. |
19 |
|
20 |
If USE=cracklib is ever removed from base/make.defaults, then this IUSE |
21 |
default enabling should be done before it is removed for many of the |
22 |
places where it helps password safety, not afterwards when some |
23 |
maintainers happen to see you've done it some months later, after we |
24 |
have dozens of users with "12345" passwords or something. |
25 |
|
26 |
If you need more opposing, then consider this one, as long as this |
27 |
preparation work isn't done. Just removing it because maintainers |
28 |
didn't get to it in your timeline isn't something I would see OK. If |
29 |
you want to make such a base profile change, then I believe you should |
30 |
contact the maintainers and see which one wants it default disabled, |
31 |
and which default enabled; do the default enabled changes and only |
32 |
afterwards you can touch a base default USE flag, otherwise you are |
33 |
making a change to all these maintainers packages without their |
34 |
consent. It IS an effective change to their package, and you are |
35 |
effectively doing non-maintainer changes to them. |
36 |
|
37 |
|
38 |
|
39 |
Mart |