Forbid very weak passwords
Now, your sympa password can be a 3-letter dictionary word, for example (or maybe even a single digit?). This is not good. If we start to require decent passwords, there will presumably be lots of users with bad passwords to deal with; given that the password reset process is clear, we could maybe just change the weak password and require them to pick a new (decent) one.
(from redmine: created on 2012-06-27, closed on 2014-07-03)