Brian Potkin <claremont102@gmail.com> writes: > On Fri 12 Jul 2019 at 10:22:59 +0200, Philip Hands wrote: > >> Package: user-setup >> Severity: normal >> >> Prompted by this LWN comment relating to installing buster: >> >> https://lwn.net/Articles/792960/ >> >> "The installer text specifically said that not setting a root password >> was a Very Bad Idea" >> >> looking at the text in question, I was surprised at how negative it is >> about the completely reasonable choice of selecting no root password in >> order to provoke the first-user-is-sudoer setup. >> >> https://salsa.debian.org/installer-team/user-setup/blob/master/debian/user-setup-udeb.templates#L37 >> >> I presume that this text is as it is because there is a previously >> defined question about whether one wants a root login enabled, that >> explains the way things will work with sudo if one chooses 'no': >> >> https://salsa.debian.org/installer-team/user-setup/blob/master/debian/user-setup-udeb.templates#L25 >> >> however, that question is no longer presented to users by default, so >> they get dropped into the rather scary sounding text about why one needs >> to set a root password. >> >> It seems to me that we need to reword this completely, so that choosing >> to leave the password blank is described as a reasonable thing to do, >> which will result in a perfectly decent, and often desired, sudo setup. > > Although I do not see the text as "scary", it might be better to present > the two options on equal standing. OTOH, the question seems to me simply > to say that a user can choose to login as root or with sudo. > > It is noted that you leave the advice that the password "...should be > changed at regular intervals" untouched. There is a short discussion in > #868869 about this issue: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23868869 > > #656509 received short shrift. > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656509 > > Not in your proposal - but how about killing two birds with one stone? I did (yet again) notice the password-change stuff, and thought we ought to get rid of it at the same time, but was planning on doing a separate bug (having forgotten about the already present bugs). That being the case I've added a commit to the branch, just to make sure it doesn't get forgotten about while we're in the process of bothering the translators anyway. Thanks for the reminder. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/ http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY
Attachment:
signature.asc
Description: PGP signature