
Re: Bug#1064617: Passwords should not be changed frequently



Philip Hands wrote:
> Justin B Rye <justin.byam.rye@gmail.com> writes:
>> It needs a small amount of rephrasing, but the most important problem
>> is that it starts by saying you need to set a password and then goes
>> on to suggest that you might not need to set a password.  Maybe that
>> can be fixed by rearranging things slightly...
>>
>>  Template: passwd/root-password
>>  Type: password
>>  # :sl1:
>>  _Description: Root password/passphrase:
>>   To allow direct password/passphrase-based access to the 'root'
>>   (system administrative) account you can set it up here.
>>   The results can be disastrous if a malicious or incompetent user
>>   obtains root access, so you should not set one that can be guessed,
>>   found in dictionaries, or easily associated with you.
>>   .
>>   Alternatively, you can lock root's password
>>   by leaving this setting empty, and
>>   instead use the system's initial user account
>>   (which will be set up in the next step)
>>   to become root. This will be enabled for you
>>   by adding that user to the 'sudo' group.
>>   .
>>   Note: what you type here will be hidden (unless you select to show it).
>>
>> Does this still feel like the same advice?
> 
> The reason behind that structure was supposed to be that one definitely
> needs _a_ password, but not necessarily a root password, so the password
> advice applies to whichever password you'll decide to grant root access
> to, which might not be set here.

This template is specifically about the "Root password/passphrase";
probably I should have quoted the patch I was looking at, which starts
with "One needs a password/passphrase that grants access to the 'root'
(system administrative) account" but goes on to say "Alternatively,
you can lock root's password by leaving this setting empty".

> I'm OK with the way you've phrased it, although my personal preference
> would be to simply drop the "disastrous" sentence if we use this
> version, because I think it breaks the straightforward flow of the text
> laying out the choice we're trying to get the user to make between the
> two available options. (I also rather doubt that anything we say at this
> point in the install will have the slightest influence on people's
> choice of password).

I can imagine people might be more likely to heed something shorter;
maybe it could be boiled down to

    To allow direct password/passphrase-based access to the 'root'
    (system administrative) account you can set it up here.
    To protect your system you should not use one that can be guessed.

-- 
JBR	with qualifications in linguistics, experience as a Debian
	sysadmin, and probably no clue about this particular package
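Added example, not part of the thread or of the installer: a small POSIX sh check of the two outcomes the template describes, a root entry whose password field is locked (what leaving the prompt empty produces) versus one with a real hash, and whether the initial user is in the 'sudo' group. The shadow and group lines, and the user name alice, are constructed for illustration.

```shell
#!/bin/sh
# Classify the password field of an /etc/shadow entry.
# $1: one shadow line; prints one of: locked | set | empty
root_password_state() {
    hash=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$hash" in
        '')        echo empty ;;   # blank field: no password needed at all
        '!'*|'*'*) echo locked ;;  # locked: what an empty d-i answer yields
        *)         echo set ;;     # a real hash: direct root login possible
    esac
}

# Is user $1 a member of group $2 in the /etc/group text given as $3?
user_in_group() {
    printf '%s\n' "$3" | awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ",")
                  for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Combined view of the installer's "lock root, use sudo" option:
# prints ok when root is locked and the initial user can sudo,
# otherwise names what is missing.  $1: root shadow line, $2: user, $3: group text
root_access_summary() {
    state=$(root_password_state "$1")
    if user_in_group "$2" sudo "$3"; then sudo_ok=yes; else sudo_ok=no; fi
    case "$state:$sudo_ok" in
        locked:yes) echo ok ;;
        locked:no)  echo "root locked but $2 not in sudo: no way to become root" ;;
        empty:*)    echo "root has an EMPTY password field" ;;
        set:*)      echo "root has a password set; $2 in sudo: $sudo_ok" ;;
    esac
}

# Constructed sample data (not from a real system).
SHADOW_LOCKED='root:!:19500:0:99999:7:::'
SHADOW_SET='root:$6$saltsalt$fakehashforillustration:19500:0:99999:7:::'
GROUP_FILE='sudo:x:27:alice
users:x:100:'

root_access_summary "$SHADOW_LOCKED" alice "$GROUP_FILE"
```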