11 Feb
2005
11 Feb
'05
11:20 p.m.
It seems to me that the pulse of this list is to leave the situation as is, and not make the password hashing change for 2.1.6. This should allow us to release this version sooner, so I'm fine with that.
The reason I thought we'd have a good opportunity now is that one of the remediation steps for CAN-2005-0202 was to reset your passwords. I think it will be too much to ask admins to reset their passwords for 2.1.6 and then do it again for 2.1.7, so I'm against making this change until 2.2 or 3.0.
Thanks everyone. I may follow up on specific messages in this thread. -Barry