On Fri 12 Jul 2019 at 10:22:59 +0200, Philip Hands wrote: > Package: user-setup > Severity: normal > > Prompted by this LWN comment relating to installing buster: > > https://lwn.net/Articles/792960/ > > "The installer text specifically said that not setting a root password > was a Very Bad Idea" > > looking at the text in question, I was surprised at how negative it is > about the completely reasonable choice of selecting no root password in > order to provoke the first-user-is-sudoer setup. > > > https://salsa.debian.org/installer-team/user-setup/blob/master/debian/user-setup-udeb.templates#L37 > > I presume that this text is as it is because there is a previously > defined question about whether one wants a root login enabled, that > explains the way things will work with sudo if one chooses 'no': > > > https://salsa.debian.org/installer-team/user-setup/blob/master/debian/user-setup-udeb.templates#L25 > > however, that question is no longer presented to users by default, so > they get dropped into the rather scary sounding text about why one needs > to set a root password. > > It seems to me that we need to reword this completely, so that choosing > to leave the password blank is described as a reasonable thing to do, > which will result in a perfectly decent, and often desired, sudo setup.
Although I do not see the text as "scary", it might be better to present the two options on equal standing. OTOH, the question seems to me simply to say that a user can choose to login as root or with sudo. It is noted that you leave the advice that the password "...should be changed at regular intervals" untouched. There is a short discussion in #868869 about this issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23868869 #656509 received short shrift. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656509 Not in your proposal - but how about killing two birds with one stone? -- Brian.
