Re: F35 Change: Drop the "Allow SSH root login with password" option from the installer GUI (Self-Contained Change proposal)


 



On Thu, May 13, 2021 at 9:46 AM Simo Sorce <simo@xxxxxxxxxx> wrote:
>
> On Wed, 2021-05-12 at 16:35 -0400, Ben Cotton wrote:
> > == Benefit to Fedora ==
> > This change makes the Fedora systems installed by Anaconda more secure
> > from remote password guessing attacks targeting the root account as it
> > would no longer be possible to configure a system that allows root to
> > login via SSH with password.
> >
> > A smaller benefit is making the root password configuration screen
> > less confusing by removing the "Allow SSH root login with password" &
> > Anaconda code cleanup related removing code related to setting up the
> > override in sshd.
>
> To be honest I object to this characterization.
>
> There is no added security given the default is not changed. This only
> removes a valid option that users that install images for testing
> locally on their computer use. It just makes it harder but does not
> change the security of Fedora one iota, as users can still log in after
> install and re-enable root login with passwords, or use a kickstart
> file to do the same.
>
> If this is being done because maintaining the option for Anaconda
> developers then just say that. Otherwise do not do this change and let
> people that need it for convenience have it.
>
> Simo.

It also deletes from the GUI options that are available in anaconda
itself. That violates one of the guidelines of Eric Raymond's
guidelines for open source GUIs, from the "Luxury of Ignorance"
essay. Well, OK, he added that guideline after the original essay as
a PS at my suggestion.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure



