brion vibber (brion @ pobox.com) wrote:
Tomasz Wegrzanowski wrote:
So, while dictionary-checking sysops' passwords make a lot of sense, there's very little point in limiting passwords of the
non-privileged accounts.
At the moment we don't have a separate switch for sysops, nor any control which would prevent blank-password accounts from being made into sysops. I'd rather risk disabling a few accounts temporarily than keep the incredibly dangerous sysop accounts open (which could be used potenially to great destructive effect).
Could you elaborate on the "temporarily" part ?
Tomasz Wegrzanowski wrote:
Could you elaborate on the "temporarily" part ?
Until I finish the force-user-to-change-password-on-next-login code. (Probably tomorrow.)
-- brion vibber (brion @ pobox.com)
wikimedia-l@lists.wikimedia.org