[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Review for "PermitRootLogin without-password" change

Colin Watson <cjwatson@debian.org> writes:
> On Thu, Mar 20, 2014 at 08:32:56PM -0400, James Cloos wrote:

>> I am in favour of the change fo new installs, and of asking to do it on
>> upgrades.

>> But please be sure to announce the change widely.

>> It is *very* common in the vps world for new virtuals to come with the
>> expectation that the users must login the first time as root with a
>> password.

>> The companies doing that will need to know that they either have to
>> start asking for an ssh public key when a customer purchases a new vps
>> or change their template to bypass debian's new default.

>> (I presume most of us will prefer the former, but I'm not holding my
>> breath.)

> Thanks for this feedback.  Do you have any suggestions for where we
> might publicise this in an effective way?

Adding it to the jessie release notes, at least, seems like it would be a
good idea.  (I also wholeheartedly agree with the change, though.)

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: