* I meant “what default makes the most sense for the passwd command line application?” * It was crypt which is deprecated. Should it be BSD’s MD5? One of the SHA2 based algorithms? Or should it produce an error if no algorithm is selected?
If you change the default, then the program will work differently depending on whether or not no-deprecated is configured. This means that developers who want to write portable scripts will find it difficult to do so. People who have existing scripts and get a system upgrade could find things broken in a really strange way. This is *not* the same as when the default digest mechanism changed, because it was still available.
