Your message dated Fri, 3 May 2024 21:42:01 +0200 with message-id <[🔎] 20240503214201.b0b389be5197d4a9d1253435@mailbox.org> and subject line Uploading user-setup: update password selection advice has caused the Debian Bug report #1064617, regarding Passwords should not be changed frequently to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1064617: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064617 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: Passwords should not be changed frequently
- From: Matthew Wilcox <willy@infradead.org>
- Date: Sun, 25 Feb 2024 00:17:14 +0000
- Message-id: <ZdqHClFcZ8O2rWJy@casper.infradead.org>
Package: debian-installer I just did an installation with the 2024-02-24 debian-testing-amd64-netinst.iso image. I forget the exact wording used, but when setting up a user, d-i printed advice that user passwords should be changed frequently. This is no longer current good advice (since 2017): "Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator." https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf I happen to like their suggestion of providing a password-strength meter, but that would be a separate bug. This bug is simply a request to remove this outdated suggestion text from d-i.
--- End Message ---
--- Begin Message ---
- To: debian-boot <debian-boot@lists.debian.org>
- Cc: 1064617-close@bugs.debian.org, 998408-close@bugs.debian.org, 868869-close@bugs.debian.org
- Subject: Uploading user-setup: update password selection advice
- From: Holger Wansing <hwansing@mailbox.org>
- Date: Fri, 3 May 2024 21:42:01 +0200
- Message-id: <[🔎] 20240503214201.b0b389be5197d4a9d1253435@mailbox.org>
Version: 1.97 Forgot to mention bug closure in changelog before uploading, so closing now manually. -- Holger Wansing <hwansing@mailbox.org> PGP-Fingerprint: 496A C6E8 1442 4B34 8508 3529 59F1 87CA 156E B076
--- End Message ---