Hello Simo, > On Wednesday, 14 January 2015 2:29 AM, Simo Sorce wrote: > Sorry this is false. You got enough emails telling you this > change is undesirable, that's the definition of opposition > and means you have no _consensus_. IIUC, that was for disabling remote root access completely with 'PermitRootLogin=no'. As the 'PermitRootLoing=without-password' option seems more preferred. As for the emails, many folks have also said that it is a useful change. IMO, the ones opposing are those who fear their current setups/practices would break. Because they need remote 'root' access in their set-up. Which is a genuine use-case. And to support it, we could provide an option to enable remote root access with 'PermitRootLogin=Yes', based on the the user's response to Anaconda at install time, as was suggested in previous email. However, let's not assume _all_ Fedora users have this use-case. - IMHO, the change helps to harden Fedora systems and raise the security bar a notch higher. It is similar to how we run services as non-root user instead of 'root' user. - The proposed change of using ssh keys for remote 'root' access introduces that mechanism to a wider audience, which in turn would help increase its usage in the future. Hence bring more value in the long term. - IMO, it is beneficial to supply hardened default configurations, because they protect maximum users and have greater impact, than otherwise. Security is not a feature, it must be available by default. - Of course that does not mean we overlook the usability aspect. As said before intention is _not_ to trouble users, but increase their safety as much as we can. Thank you. --- Regards -Prasad http://feedmug.com -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
