Bug#1064617: Passwords should not be changed frequently

To: Philip Hands <phil@hands.com>, 1064617@bugs.debian.org
Cc: Diederik de Haas <didi.debian@cknow.org>
Subject: Bug#1064617: Passwords should not be changed frequently
From: Holger Wansing <hwansing@mailbox.org>
Date: Fri, 1 Mar 2024 20:46:49 +0100
Message-id: <[🔎] 20240301204649.58095cc23144f4cb3d139db8@mailbox.org>
Reply-to: Holger Wansing <hwansing@mailbox.org>, 1064617@bugs.debian.org
In-reply-to: <[🔎] 877cim1p3g.fsf@nimble.hk.hands.com>
References: <ZdqHClFcZ8O2rWJy@casper.infradead.org> <20240229231355.d75ef781944dd8815be4a606@mailbox.org> <ZdqHClFcZ8O2rWJy@casper.infradead.org> <2493363.oDMduHoqoO@bagend> <ZdqHClFcZ8O2rWJy@casper.infradead.org> <[🔎] 877cim1p3g.fsf@nimble.hk.hands.com> <ZdqHClFcZ8O2rWJy@casper.infradead.org>

Hi,

Philip Hands <phil@hands.com> wrote (Fri, 01 Mar 2024 06:46:27 +0100):
> If you want to make a constructive contribution, how about suggesting a
> wording that reflects the advice that you think would be most useful to
> the people that actually read the advice?

I would like to make a proposal, leaving the default setting as is 
(aka: default to an enabled root account, no sudo), with only some wording 
changings.

Patch attached.

What do you think?


Holger


-- 
Holger Wansing <hwansing@mailbox.org>
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076

diff --git a/debian/user-setup-udeb.templates b/debian/user-setup-udeb.templates
index cdb6d78..2715cfb 100644
--- a/debian/user-setup-udeb.templates
+++ b/debian/user-setup-udeb.templates
@@ -32,28 +32,26 @@ _Description: Allow login as root?
 
 Template: passwd/root-password
 Type: password
 # :sl1:
 _Description: Root password:
  You need to set a password for 'root', the system administrative
  account. A malicious or unqualified user with root access can have
  disastrous results, so you should take care to choose a root password
- that is not easy to guess. It should not be a word found in dictionaries,
+ that cannot be guessed. It should not be a word found in dictionaries,
  or a word that could be easily associated with you.
  .
- A good password will contain a mixture of letters, numbers and punctuation
- and should be changed at regular intervals.
- .
  The root user should not have an empty password. If you leave this
  empty, the root account will be disabled and the system's initial user
  account will be given the power to become root using the "sudo"
  command.
  .
- Note that you will not be able to see the password as you type it.
+ Note that you will not be able to see the password as you type it (except if
+ you choose to show it in clear text).
 
 Template: passwd/root-password-again
 Type: password
 # :sl1:
 _Description: Re-enter password to verify:
  Please enter the same root password again to verify that you have typed it
  correctly.
 
@@ -105,18 +103,17 @@ Type: error
 _Description: Reserved username
  The username you entered (${USERNAME}) is reserved for use by the system.
  Please select a different one.
 
 Template: passwd/user-password
 Type: password
 # :sl1:
 _Description: Choose a password for the new user:
- A good password will contain a mixture of letters, numbers and punctuation
- and should be changed at regular intervals.
+ Make sure to select a strong password, that cannot be guessed.
 
 Template: passwd/user-password-again
 Type: password
 # :sl1:
 _Description: Re-enter password to verify:
  Please enter the same user password again to verify you have typed it
  correctly.

Reply to:

Follow-Ups:
- Bug#1064617: Passwords should not be changed frequently
  - From: Diederik de Haas <didi.debian@cknow.org>

References:
- Bug#1064617: Passwords should not be changed frequently
  - From: Philip Hands <phil@hands.com>

Prev by Date: Re:Bently 3500/61
Next by Date: Bug#1064617: Passwords should not be changed frequently
Previous by thread: Bug#1064617: Passwords should not be changed frequently
Next by thread: Bug#1064617: Passwords should not be changed frequently
Index(es):
- Date
- Thread