On 11/24/2016 02:46 AM, Patrick Ohly wrote: > On Thu, 2016-11-24 at 11:38 +0800, Robert Yang wrote: >> Currently, debug-tweaks is in EXTRA_IMAGE_FEATURES by default for poky, and >> there is no passwd, so that user can login easily without a passwd, I think >> that current status is more unsafe ? > > Both well-known password and no password are unsafe. User "root" with > password "root" is not even "more" safe already now, because tools that > brute-force logins try that. Choosing something else would be a bit > safer for a short while until the tools add it to their dictionary. > > Poky is also targeting a different audience than OE-core. Poky can > assume to be used in a secure environment, OE-core can't (because it > might be used for all kinds of devices). >
That is the first time I've heard Poky is targeting an audience assumed to be running in a secure environment. Should we document what Poky this somewhere? From where I sit, this seems to be an odd limitation. Philip -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
