On Thu, May 13, 2021 at 9:46 AM Simo Sorce <simo@xxxxxxxxxx> wrote: > > On Wed, 2021-05-12 at 16:35 -0400, Ben Cotton wrote: > > == Benefit to Fedora == > > This change makes the Fedora systems installed by Anaconda more secure > > from remote password guessing attacks targeting the root account as it > > would no longer be possible to configure a system that allows root to > > login via SSH with password. > > > > A smaller benefit is making the root password configuration screen > > less confusing by removing the "Allow SSH root login with password" & > > Anaconda code cleanup related removing code related to setting up the > > override in sshd. > > To be honest I object to this characterization. > > There is no added security given the default is not changed. This only > removes a valid option that users that install images for testing > locally on their computer use. It just makes it harder but does not > change the security of Fedora one yota, as uses can still log in after > install and re-enable root login with passwords, or use a kickstart > file to do the same. > > If this is being done because maintaining the option for Anaconda > developers then just say that. Otherwise do not do this change and let > people that need it for convenience have it. > > Simo. It also deletes from the GUI options that are available in anaconda itself. Thati violates one of the guidelines of Eric Raymond's guidelines for open source GUI's, from the "Luxury of Ignorance" essay. Well, OK, he added that guideline after the original essay as a PS at my suggestion. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure