On Mon, Jun 02, 2025 at 09:45:55AM -0700, Jeff Davis wrote:
> On Mon, 2025-06-02 at 10:32 -0500, Nathan Bossart wrote:
>> The one thing I don't like about this check is that it's probably not
>> great
>> from a security standpoint to effectively announce which roles have
>> MD5
>> passwords.
>
> Do you have a specific concern, or is that more of a general concern?
General.
>> One other thing I noticed is that checks that only emit warnings,
>> like
>> check_for_unicode_update(), require using --retain in order to see
>> the
>> generated report file.
>
> Should we automatically retain files associated with warnings, or copy
> them to a different location?
That seems worth considering. Another option could be to just document
that files generated for warnings will be lost without --retain. WDYT?
--
nathan