On Thu, 2016-11-24 at 11:38 +0800, Robert Yang wrote:
> Currently, debug-tweaks is in EXTRA_IMAGE_FEATURES by default for poky, and
> there is no passwd, so that user can login easily without a passwd, I think
> that current status is more unsafe?

Both well-known password and no password are unsafe. User "root" with
password "root" is not even "more" safe already now, because tools that
brute-force logins try that. Choosing something else would be a bit safer
for a short while until the tools add it to their dictionary.

Poky is also targeting a different audience than OE-core. Poky can assume
to be used in a secure environment, OE-core can't (because it might be
used for all kinds of devices).

--
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.
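
An audit sketch for the condition discussed in this thread, added here as an illustration and not code from the thread, Poky or OE-core: it flags image features that permit password-less login in a build configuration and classifies the password field of each account in a built rootfs. The function names and sample inputs are constructed; it assumes the feature names empty-root-password and allow-empty-password (which debug-tweaks bundles) and single-line variable assignments.

```python
import re

# Constructed sample inputs (not taken from the thread).
SAMPLE_CONF = '''
# EXTRA_IMAGE_FEATURES ?= "ssh-server-dropbear"
EXTRA_IMAGE_FEATURES ?= "debug-tweaks tools-debug"
'''
SAMPLE_SHADOW = '''\
root::17129:0:99999:7:::
daemon:*:17129:0:99999:7:::
build:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17129:0:99999:7:::
sshd:!:17129:0:99999:7:::
'''

# Features that permit password-less login; debug-tweaks bundles the other two.
RISKY_FEATURES = {"debug-tweaks", "empty-root-password", "allow-empty-password"}
ASSIGN = re.compile(
    r'^\s*(?:EXTRA_IMAGE_FEATURES|IMAGE_FEATURES)(?:[_:]\S+)?\s*'
    r'(?:\?\?=|\?=|:=|\+=|\.=|=\+|=\.|=)\s*"([^"]*)"')

def risky_features(conf_text):
    """Risky features enabled in a conf file (backslash continuations not followed)."""
    found = set()
    for line in conf_text.splitlines():
        m = ASSIGN.match(line)  # commented-out lines start with '#', so no match
        if m:
            found |= RISKY_FEATURES & set(m.group(1).split())
    return sorted(found)

def shadow_findings(shadow_text):
    """Classify each account in passwd/shadow-format text by its password field."""
    out = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or not fields[0]:
            continue
        name, pw = fields[0], fields[1]
        if pw == "":
            out[name] = "EMPTY"       # login succeeds with no password
        elif pw == "x":
            out[name] = "shadowed"    # passwd-format input: hash is in /etc/shadow
        elif pw[0] in "!*":
            out[name] = "locked"      # no password login possible
        else:
            out[name] = "hashed"      # can still be a well-known password
    return out

if __name__ == "__main__":
    print(risky_features(SAMPLE_CONF), shadow_findings(SAMPLE_SHADOW))
```

A "hashed" result only shows that a password is set; as the reply points out, a well-known password such as "root" is still unsafe and this check does not detect it.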