Quoting Joey Hess (joeyh@debian.org): > Steve Langasek wrote: > > Arguably if the consensus is that the default minimum password length should > > be raised in the users' best interests, we would want to change the > > makepasswd package's default at the same time. > > And we might also want to make d-i do the same checks, currently it > enforces no minimum lengths at all.. And, to complete that discussion, we currently have a bug report for user-setup (the D-I component which deals with root/user creation and password setting), which suggest to enforce some basic checks of passwords. A proposed implementation is in that bug report and Javier Fernandes Sanguino proposed self to try implementing something stronger. Given the various advices given in this thread about password strength enforcement by default, I'm not sure that we will finally implement this..:-) But, certainly, at least we could enforce the same pwd length than PAM.
Attachment:
signature.asc
Description: Digital signature