Okay with me, but can you elaborate on the motivation for this change? Is it just to avoid leaking a password hash accidentally, or to avoid having a user identifiable by them having a password?
Anonymized data (possibly intended for publishing) should not contain any real password hashes. If we expected users to have passwords stored in our database, we would have to replace them. Since we don't expect users to have any password set, it felt more natural to me to just assert that this expectation holds (and we thus don't leak any critical data).
Anonymized data (possibly intended for publishing) should not contain any real password hashes. If we expected users to have passwords stored in our database, we would have to replace them. Since we don't expect users to have any password set, it felt more natural to me to just assert that this expectation holds (and we thus don't leak any critical data).