Tomasz Wegrzanowski wrote:
So, while dictionary-checking sysops' passwords
make a lot of sense,
there's very little point in limiting passwords of the non-privileged accounts.
At the moment we don't have a separate switch for sysops, nor any control which
would prevent blank-password accounts from being made into sysops. I'd rather
risk disabling a few accounts temporarily than keep the incredibly dangerous
sysop accounts open (which could be used potenially to great destructive effect).
-- brion vibber (brion @ pobox.com