Tomasz Wegrzanowski wrote:
So, while dictionary-checking sysops' passwords make a lot of sense, there's very little point in limiting passwords of the non-privileged accounts.
At the moment we don't have a separate switch for sysops, nor any control which would prevent blank-password accounts from being made into sysops. I'd rather risk disabling a few accounts temporarily than keep the incredibly dangerous sysop accounts open (which could be used potenially to great destructive effect).
-- brion vibber (brion @ pobox.com)