It's not an innovation, it's a common sense. Linux ain't even first limiting user's access to dmesg

It's a great feature for RHEL so I am pretty sure it will get added to Fedora.
​

In openSUSE this change has come a long time ago.

because hackers (or espionage agents, or even just pranksters) don't inform you when they know your current password.
And also in most cases getting passwords does not involve 1337 skills where you p0wn20r the whole PC and install rootkits in the UEFI using Intel CPU vulnerabilities, but it's something more simple like looking with your eyes or overhearing conversations.
Or any way that is not permanent, so if you change it the malicious agent has to redo his homework again to acquire the password again.

This slows down attackers, which is what a good defence does. While if you don't change passwords they could have just compiled a list of passwords back in the day and come in your systems at the drop of a hat.

if you are too honest and boring to grasp what kinds of plans the password change limits, you really should not talk about security.

simple passwords is not an issue if you have a half-decent system that will lock after say 20-30 wrong password attempts.

Whoever has access to their desktop does not need to know the passwords in the text file. Not sure where is the issue.

How do you tell if a password has been leaked/revealed/hacked?
What if the malicious user does nothing obvious like "format C", is just making a copy of your databases and internal documents and none finds out? I guess that's ok right?
Why dumb people like you that can't use logic are allowed to talk about security?

Debian also made the change years ago. I think the change was already made with stretch not sure abt. jessie.

Default non-debug kernel doesn't print them. Anything else?

Not debug kernel can print these info and there has been many instances of WARN messages printing potentially sensitive info in the kernel ring buffer which ends up in dmesg. You can easily find CVE's dismissed before because distros and sysadmins have had the ability to restrict dmesg. I am sure you can find examples by doing your own research

It isn't about people though. People are already sudoing everything. Worse, logging in as root directly.

It's about what info programs can access.

Yes it is. And frankly, the Unix security model is gawd awful at protecting what intruders are really after in modern information theft. While persistence is always one of the goals, most of the time, you don't need root or even kernel exploits to gain that. Data thieves are after the data the targeted user has both on the server and the desktop. Securing dmesg, /proc, /sys, etc is part of the problem, but the fundamental Unix security model is going to have to change entirely from user based security to something else to protect against modern threats.

What that will look like may be capability based and it may have to be somewhat hardware VM based, but that's up to people better versed in security than me, and probably most of the neckbeards blindly following the Unix Way as if it's the end all and be all. Something major has got to change and defense must evolve to meet modern security needs not being met by any current OS.

Have you tried SeLinux? Works pretty well at locking the system down.