Hi, Jeremy Bícha <jeremy.bicha@canonical.com> (2023-03-02): > Please see the attached screenshot. I believe Debian would be improved > if this page was reworded. > > It begins with a strong emphatic statement "You need to set a password > for 'root' > > If someone is not reading very carefully, it's easy to not see the > later statement that in fact a password for root is not required and > if this page is left empty, that a user will be able to run admin > commands directly (with sudo or with PolicyKit as implemented by GNOME > > Settings > Printers > Add a printer). Even if someone sees the > statement, they might not understand it. The wording might be adjusted, sure, but that's also been documented in the installation guide for quite some time… https://www.debian.org/releases/bookworm/amd64/ch06s03.en.html#di-user-setup What happens if you don't set a root password and got dropped into maintenance mode at boot-time? ISTR typing in a root password was a requirement at this stage, but I've been fortunate enough to have not encountered this situation in a very long while. > I personally believe Debian would benefit from Ubuntu's approach where > sudo/admin is enabled for the first user by default. This would be the > opposite of the user experience encouraged by the current wording. Maybe. And I'll argue there's no “by default” here: what happens depends on what users do enter in that prompt. > 1. Move the root password page after the user name & password pages Altering order of screens that have been around since forever seems like it would generate more frustration and confusion than it would actually be beneficial. > 2. Change the wording to immediately mention that a root password is > not required. If it is set, then the already enabled user won't be > able to perform admin functions except by logging in as root with this > password. Adjusting the wording can be discussed. It's probably too late for bookworm as this would need to get reflected in translations, and it's very likely too late to give everyone a resonable chance to catch up in time for the release. > 3. Consider dropping the root password page from the default > installer. I think it's too late (and unnecessary) to do this for > Debian 12, but it's worth considering for Trixie. I would like to see a much stronger case to be made than “the wording is vague and confusing”. Others might feel differently… Cheers, -- Cyril Brulebois (kibi@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
Attachment:
signature.asc
Description: PGP signature