Re: Some issues with the way the install goes



houghi <houghi@xxxxxxxxxxxxxxxxxx> wrote:
Paul J Gans wrote:
I disagree. With Ununtu there is no login for root by default. Here the
password is just the same. Someting the majority of people where doing
anyway.

Correct. But the effect is the same. In both cases you
simply do a sudo.

And how often is the machine compromised by actualy knowing the
password? And again, if they can crack the password of some random user,
they can also get the password of root. With root they at least know the
name of the account they are trying to hack.

Houghi, that is beside the point. This release of 11.0 hurts
security when there was no need to do it.

If your security is compromised as a user, your machine is compromised
anyway,

No. This is not true. The user is compromized, but the machine
isn't.

To me as a single user machine, that is the same.

That's you, not me. Mine is a single user machine but it is
also my web server.

They were thinking: the majority of people use the same password anyway,
so why would we let them enter it twice? People who are not willing to
do that can still change it.

Sure. Most people use trivial passwords. Why not set one for
them so that they don't have to bother. Linksys might be a
good one.

That has NOTHING to do with it and you know it. If they choose a weak
password, they will chooce a weak one for root as well.

Aha! A dose of your own medicine provokes a spark!

--
--- Paul J. Gans
.