Re: Heads up - Anaconda 22.17 will enforce 'good' passwords


 



Recapitulation:

A security problem was recognized because the ssh daemon is enabled by
default on Fedora systems:  with a weak root password, a remote attacker
might easily obtain unlimited access.

The direct solution would seem to be a change to the ssh daemon to
prohibit root login in its default configuration, but allow
post-installation change to sshd to permit this where it is desirable.

An indirect solution was implemented to require a strong root password
during Fedora installation.  This avoids the default vulnerability,
but upset people (especially testers who frequently install Fedora) that
consider it makes additional work necessary to configure a system the way
they want it.

Ultimately, this indirect solution is weak.  Users are likely to
supply an acceptable root password during installation, then change it
to what they desire after installation.  This could re-open the
vulnerability, which was not understood by a casual user.


-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
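
The message above turns on whether sshd accepts a root password login at all, so this added example (not part of the original post) checks that setting in an sshd_config file. It assumes OpenSSH's `PermitRootLogin` keyword, which the post does not name; the function names are hypothetical, and Match blocks and Include files are not evaluated.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the global PermitRootLogin value from an sshd_config file, or "unset".
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively. Parsing stops at the first Match block (conditional
# settings); Include files are not followed.
root_login_setting() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        { kw = tolower($1) }
        kw == "match" { exit }                   # global section ends here
        kw == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Say whether the root password is reachable over SSH with this config.
# "unset" means the compiled-in default applies, which depends on the
# OpenSSH version installed.
root_password_exposure() {
    case "$(root_login_setting "$1")" in
        yes) echo "root-password-login-allowed" ;;
        prohibit-password|without-password|forced-commands-only) echo "root-key-only" ;;
        no) echo "root-login-disabled" ;;
        unset) echo "compiled-in-default-applies" ;;
        *) echo "unrecognized-value" ;;
    esac
}

# Constructed sample config: sshd ignores the second PermitRootLogin line.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
# constructed sample sshd_config
Port 22
permitrootlogin no
PermitRootLogin yes
EOF
root_password_exposure "$demo_cfg"
rm -f "$demo_cfg"
```

On a live system, `sshd -T` prints the effective configuration and is the authoritative check.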




