Re: Review for "PermitRootLogin without-password" change
Colin Watson <cjwatson@debian.org> writes:
> On Thu, Mar 20, 2014 at 08:32:56PM -0400, James Cloos wrote:
>> I am in favour of the change fo new installs, and of asking to do it on
>> upgrades.
>> But please be sure to announce the change widely.
>> It is *very* common in the vps world for new virtuals to come with the
>> expectation that the users must login the first time as root with a
>> password.
>> The companies doing that will need to know that they either have to
>> start asking for an ssh public key when a customer purchases a new vps
>> or change their template to bypass debian's new default.
>> (I presume most of us will prefer the former, but I'm not holding my
>> breath.)
> Thanks for this feedback. Do you have any suggestions for where we
> might publicise this in an effective way?
Adding it to the jessie release notes, at least, seems like it would be a
good idea. (I also wholeheartedly agree with the change, though.)
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: