On Thu, 21 Dec 2017 10:10:30 -0500 Michael Orlitzky <m...@gentoo.org> wrote:
> The "cracklib" USE flag has long (since 2007ish) been enabled by
> default for all profiles. But, the features that it provides are not
> critical for any of the packages that use it: typically, the library
> is used to evaluate a candidate password and to prevent the user from
> choosing a weak one.
>
> Since the flag is not critical, and because we now have per-package
> USE defaults, this commit removes it from base/make.defaults.
>
> Closes: https://bugs.gentoo.org/635698

As there:

So as to recap that lengthy discussion of the pros and cons of having cracklib protect people from using bad passwords by default, to you it does "not look critical". I can't even tell what you mean by that. I guess you were picking low hanging fruits and thought you might start some spring cleaning? Because that's the only thing I can make of this change: it's old so it's probably useless.

Let me (easily) counter that by stating that having cracklib in place makes people pick better passwords. Especially the brand new Linux users we see so many of might benefit from a default mechanism that helps them make better security choices, but I am sure even advanced users and systems administrators might set a "temporary" POC password "quickly" and then later see their systems go into production without a second thought about using stronger passwords.

Please close that bug report.

Kind regards,
jer