https://bugzilla.novell.com/show_bug.cgi?id=240162 ------- Comment #9 from pavel@novell.com 2007-05-14 03:59 MST ------- In the subsequent email exchange, Crispin said:
Pavel and I disagree on many things, but on this I agree:
1. If IS&T is going to send mail relating to passwords that has links, then send it in plain text instead of HTML. 2. Don't send mail *at all* relating to passwords with life links. Instead, the text can just say "Log in to Innerweb and click the 'password' link." 3. Drop the whole password rotation thing, it really doesn't help security much, and just annoys the users. Instead, get a good password cracker, and run it continuously against our user base, and harass users who are found to have weak passwords. Let users with strong passwords keep them. This will evolve the systems towards a safer steady state.
..and guess what? He's right. Dropping the html part should be five minute hack; can you just do it? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.